I've just had a follow-up call from PEER1 and they are willing to waive
the setup fees.
You have the contact info for the PEER1 sales rep in the quote; should I
let him know that Tyler will be following up?
If we are worried about ongoing costs, we could save some recurring fees
by going to a lower hardware level. I like the idea of a firewall, but
only because I'm Linux-impaired. I would think that we might also want
a VPN connection between that server and Telascience so that our LDAP
queries are encrypted point-to-point, but it would also be possible just
to set up a firewall rule to only allow queries to/from those hosts.
Do we really want to commit to three years? I hate doing that with my
cellphone...
Jason
-----Original Message-----
From:
Sent: Wednesday, November 08, 2006 10:18
To: sac@sac.osgeo.org
Cc: robert.bray@autodesk.com
Subject: Re: [SAC] Server host quotes
Tyler,
Before we start renegotiation's with a vendor I want our Sysadmin to
review the proposals. This should happen late this week. In the mean
time it would be great to have input from the SAC membership.
The Peer1 quote seems to be reasonable, assuming we do need two servers to get started. I missed a good part of discussions about the transition plan a few weeks ago, so I'll just assume that we do know that we need two servers and that someone has a clear plan for how they are going to be configured and used. With respect to the hardware firewall, my experience is that we can have very reliable software firewalls with iptables. However the call to have a hardware firewall or not should probably be made by the administrator who will setup and manage the servers in the long run and who will be responsible for keeping them up 24x7 for the years to come. Same for backup system I guess.
Actually, what worries me the most is not the hardware but the actual system administrator. It's nice to have servers but will someone be there to take responsibility and maintain the servers in the long run? I remember reading that a contractor would be paid by ADSK for the initial setup, but will that person be around for the long term maintenance? If that person walks away after 3 months are we going to end up with a bunch of servers and services and nobody that knows anything about them?
Daniel
Jason Birch wrote:
I've just had a follow-up call from PEER1 and they are willing to waive
the setup fees.
You have the contact info for the PEER1 sales rep in the quote; should I
let him know that Tyler will be following up?
If we are worried about ongoing costs, we could save some recurring fees
by going to a lower hardware level. I like the idea of a firewall, but
only because I'm Linux-impaired. I would think that we might also want
a VPN connection between that server and Telascience so that our LDAP
queries are encrypted point-to-point, but it would also be possible just
to set up a firewall rule to only allow queries to/from those hosts.
Do we really want to commit to three years? I hate doing that with my
cellphone...
Jason
-----Original Message-----
From:
Sent: Wednesday, November 08, 2006 10:18
To: sac@sac.osgeo.org
Cc: robert.bray@autodesk.com
Subject: Re: [SAC] Server host quotes
Tyler,
Before we start renegotiation's with a vendor I want our Sysadmin to
review the proposals. This should happen late this week. In the mean
time it would be great to have input from the SAC membership.
On 8-Nov-06, at 12:08 PM, Daniel Morissette wrote:
The Peer1 quote seems to be reasonable, assuming we do need two servers to get started. I missed a good part of discussions about the transition plan a few weeks ago, so I'll just assume that we do know that we need two servers and that someone has a clear plan for how they are going to be configured and used. With respect to the hardware firewall, my experience is that we can have very reliable software firewalls with iptables. However the call to have a hardware firewall or not should probably be made by the administrator who will setup and manage the servers in the long run and who will be responsible for keeping them up 24x7 for the years to come. Same for backup system I guess.
Shawn - your thoughts on this? From talking last week, I believe you were in favour of the firewall and some tape backup. and that you wanted the 2nd server for failover and load balancing.
Jason - seems we have chosen the provider? What can I do to help finalise this deal so Shawn has public infrastructure to work on?
On 8-Nov-06, at 12:08 PM, Daniel Morissette wrote:
The Peer1 quote seems to be reasonable, assuming we do need two servers to get started. I missed a good part of discussions about the transition plan a few weeks ago, so I'll just assume that we do know that we need two servers and that someone has a clear plan for how they are going to be configured and used. With respect to the hardware firewall, my experience is that we can have very reliable software firewalls with iptables. However the call to have a hardware firewall or not should probably be made by the administrator who will setup and manage the servers in the long run and who will be responsible for keeping them up 24x7 for the years to come. Same for backup system I guess.
Shawn - your thoughts on this? From talking last week, I believe you were in favour of the firewall and some tape backup. and that you wanted the 2nd server for failover and load balancing.
Jason - seems we have chosen the provider? What can I do to help finalise this deal so Shawn has public infrastructure to work on?
Tyler
Yes I think the separate firewall, tape backup and two servers are good ideas.
The firewall gives us the advantage of having a dedicated device for primary firewall duties and for vpn and load balancing. Iptables is very reliable and powerful tool and will be set up on the servers creating a secondary firewall but, i prefer a separate device for firewalling - greater security, server not using resources for filtering/vpn/etc.
Tape backup as the main backup, especially considering the svn server. A secondary backup strategy probably via rsync will be set up but, i believe a tape backup is mandatory. The tape allows us to rebuild a machine quicker than the 'rsync' backups and having backups in multiple places and media is definitely good.
Two servers give us redundancy and fail over protection at source and when needed a second system for load balancing. Still working on exact configuration but, planning on mirroring the servers as much as possible.