Re: [OA Security] [cobalt-security] Re: RAQ & rsync

[OpenAccess System Security <security@xxxxxxxxxxxxxx>]

Yes, our thoughts are to connect all the production RAQ4 units we have (plus
one RAQ4 warm spare) on their second ethernet port to a secondary switch.
This switch would also have a backup server with lots of disk space.

The eth0 port on the warm spare is connected as usual, except the physical
port it is plugged into on the primary switch is disabled.  We can
enable/disable physical ports on the switch (3COM 3300) remotly.


Each night, each RAQ4 would rsync to a target directory on the backup
server.  

If one of the product RAQ4 boxes fails, we...

A) disable its physical port on the primary switch.

B) rsync the appropriate file image from the backup server over to the warm
spare.

C) reboot the warm spare.

D) while it is rebooting, the physical port on the primary switch for the
warm spare so when it comes back up it on the production network.

We are back up again.

This is obviously a manual process and would take time, but far less time
than a full system recovery and a lot less resource intensive in terms of
needing extra hardware than providing a warm spare for each production RAQ4.

- mike

 On 2/13/03 1:21 PM, "Bruce Timberlake" <bruce@xxxxxxxxxx> wrote:

> Alternative - if you "hardwired" the 2nd ethernet ports to be the
> "backup" IP address (the one you connect to while the server is in
> 'standby'), you could get around worrying about all the config info
> you're copying, as that is set up for the primary ethernet port.
> Then, if you need to bring the 'standby' server up as 'primary', just
> plug the ethernet cable into eth0 and tweak your router/etc to send
> traffic to the 'new' server.  By keeping everything on the 2nd
> ethernet ports, you avoid extra influence on the usage stats, or
> traffic in general on the same connection the public is using (easier
> if all boxes are in the same datacenter and you can wire up a 2nd
> network for them to use).