Re: Boot ISA from a SAN

Steve:

Thanks for the insight.  

bret

-----Original Message-----
From: Steve Thamasett [mailto:steve.thamasett@xxxxxxx] 
Sent: Wednesday, January 07, 2004 1:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Boot ISA from a SAN

http://www.ISAserver.org

Bret,

Primarily I have seen Boot from SAN in situations where the client has a
hot spare server (sometimes at a different site) and the partitions are
replicated to another device (via SRDF or MirrorView depending on the
gear) so in case of a site failure the spare server can be brought up and
assume the identity of the downed box.  Aside from those types of
situations, I typically recommend against Boot from SAN as long as you
have the other partitions on the CLARiiON.  It's not that it won't work,
but it can introduce additional complexity,  _especially_ with multihomed
hosts like firewalls.  If you host your configs on the SAN and have a
server image somewhere, then it's probably a wash for recovery time since
your replacement server may not have all of the *exact* same hardware as
the failed box and Boot from SAN will get upset if the h/w is different.

From a SAN security standpoint, it's mainly about your zoning and knowing
what device can possibly access what disk.


Just my 2 cents,


Steve T.


-----Original Message-----
From: Bret Hanson [mailto:Bhanson@xxxxxxxxxx]
Sent: Wednesday, January 07, 2004 1:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Boot ISA from a SAN

http://www.ISAserver.org

The SAN uses a fiber channel HBA.  It is set up and working perfectly - I
can restore from a snap shot taken yesterday.  The OS and all ISA related
services run fine from snap shot restores.  Also on the same SAN
(different
LUNS) are our SQL servers and databases, web/intranet, all user data, and
other application servers.  I guess I should have stated this in the first
place.

Because I am relatively new to major SAN devices, I am curious if I am
missing something by way of security with this hardware configuration.

Thank you,
bret
   

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, January 07, 2004 12:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Boot ISA from a SAN

http://www.ISAserver.org

Booting over any remote device, be it SCSI- or network-based is not a good
design for your firewall.
Booting from any SAN is (IMHO) not worth the setup and troubleshooting
hassles it causes...

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message -----
From: "Bret Hanson" <Bhanson@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 07, 2004 09:53
Subject: [isalist] Re: Boot ISA from a SAN


http://www.ISAserver.org

Its about recoverability at a point in time - the cost of a drive is not
an issue. 

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, January 07, 2004 11:41 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Boot ISA from a SAN

http://www.ISAserver.org

What's the point?
If you can afford one of those devices, you can certainly afford a local
drive for the ISA server.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message -----
From: "Bret Hanson" <Bhanson@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 07, 2004 08:56
Subject: [isalist] Boot ISA from a SAN


http://www.ISAserver.org

Please forgive my ignorance, but would it be bad practice to boot an ISA
server that acts as our gateway, firewall, and web proxy from a SAN
device.
More specifically an EMC Clariion.

Thanks,
bret

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bhanson@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bhanson@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve.thamasett@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bhanson@xxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')




Other related posts: