Steve: Thanks for the insight. bret -----Original Message----- From: Steve Thamasett [mailto:steve.thamasett@xxxxxxx] Sent: Wednesday, January 07, 2004 1:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Boot ISA from a SAN http://www.ISAserver.org Bret, Primarily I have seen Boot from SAN in situations where the client has a hot spare server (sometimes at a different site) and the partitions are replicated to another device (via SRDF or MirrorView depending on the gear) so in case of a site failure the spare server can be brought up and assume the identity of the downed box. Aside from those types of situations, I typically recommend against Boot from SAN as long as you have the other partitions on the CLARiiON. It's not that it won't work, but it can introduce additional complexity, _especially_ with multihomed hosts like firewalls. If you host your configs on the SAN and have a server image somewhere, then it's probably a wash for recovery time since your replacement server may not have all of the *exact* same hardware as the failed box and Boot from SAN will get upset if the h/w is different. From a SAN security standpoint, it's mainly about your zoning and knowing what device can possibly access what disk. Just my 2 cents, Steve T. -----Original Message----- From: Bret Hanson [mailto:Bhanson@xxxxxxxxxx] Sent: Wednesday, January 07, 2004 1:19 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Boot ISA from a SAN http://www.ISAserver.org The SAN uses a fiber channel HBA. It is set up and working perfectly - I can restore from a snap shot taken yesterday. The OS and all ISA related services run fine from snap shot restores. Also on the same SAN (different LUNS) are our SQL servers and databases, web/intranet, all user data, and other application servers. I guess I should have stated this in the first place. Because I am relatively new to major SAN devices, I am curious if I am missing something by way of security with this hardware configuration. Thank you, bret -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, January 07, 2004 12:28 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Boot ISA from a SAN http://www.ISAserver.org Booting over any remote device, be it SCSI- or network-based is not a good design for your firewall. Booting from any SAN is (IMHO) not worth the setup and troubleshooting hassles it causes... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Bret Hanson" <Bhanson@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, January 07, 2004 09:53 Subject: [isalist] Re: Boot ISA from a SAN http://www.ISAserver.org Its about recoverability at a point in time - the cost of a drive is not an issue. -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Wednesday, January 07, 2004 11:41 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Boot ISA from a SAN http://www.ISAserver.org What's the point? If you can afford one of those devices, you can certainly afford a local drive for the ISA server. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Bret Hanson" <Bhanson@xxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, January 07, 2004 08:56 Subject: [isalist] Boot ISA from a SAN http://www.ISAserver.org Please forgive my ignorance, but would it be bad practice to boot an ISA server that acts as our gateway, firewall, and web proxy from a SAN device. More specifically an EMC Clariion. Thanks, bret ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bhanson@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bhanson@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: steve.thamasett@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bhanson@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')