[SunRescue] Ultra 5 questions

Jonathan Katz rescue at sunhelp.org
Fri Nov 10 20:53:46 CST 2000


On Fri, 10 Nov 2000, Reagen Ward wrote:

:Imagine a dual 200 (I think) U2 running FW-1 for 5k people.  Bad load, mostly
:due to mutex contention.  FW-1's kernel mods aren't multithreaded.

"Yeah-- FW1's lack of "thread()" is baaad, mmmkay." </mackey> We've had
to advise folks several times that getting a box like a 220R or 420R for
a firewall [running FW-1] and planning on throwing more procs in it when
load gets higher won't work.

The other solution is to off-load all firewall services from the single
firewall box (which a surprising number of people don't do.) They'll throw
the SecurID authentication client, web proxy, and mail-proxy all on the
same box. Alex Noordergraaf's "N-Tier" whitepaper has been a bible lately.
It's one of the blueprint series: (http://www.sun.com/blueprints)
http://www.sun.com/blueprints/1000/ntier-security.html is the "N-Tier"
document in question... [ that doc talks more about splitting up an
e-commerce environment and not a DMZ environment, but apply the same kinda
rules...] 

But as for the FW1 stuff...
[ dons sales hat ]
EFS is free with Solaris 8 for limited use (I don't know the license details
off-hand.)

-Jon
-- 
Jonathan Katz
e-mail: jon at jonworld.com 
website: http://jonworld.com
proprietor: http://bachelor-cooking.com
Cell: 317-698-4023 * Pager: 800-759-8888 1770869 * FAX: 530-688-5347



