[thelist] How to protect against downtime?

martin.p.burns at uk.pwcglobal.com martin.p.burns at uk.pwcglobal.com
Thu Feb 28 05:18:01 CST 2002


Memo from Martin P Burns of PricewaterhouseCoopers

-------------------- Start of message text --------------------



Subject:    [thelist] How to protect against downtime?

>Problem:
>The site _cannot_ go down for any reason.  DRDoS attacks, DNS
>hacking, and the like worry me about relying on a single host.

Ouch. I think you'll have real problems finding 100% planned uptime.
The best I've ever heard anyone claiming was 5 nines (99.999%)
[Hi Seb!]

>My crack at a solution:
>Get two separate hosts.  One primary and the other as a mirror.  Update
>both the primary and the mirror database for each transaction.  If the
>primary goes down, switch the DNS to point to the mirror.

>Does anyone have any suggestions?

I'm not the server expert (but sit across a desk from one who's running
a fair number of high load dynamic sites rn). The way it's being done
on this project is we've got multiple servers and have a loadbalancer
doing a round-robin of the web/app servers.

We have all the content and user data repositories stored on a separate
set of boxes which the front-end servers look to for single views of the
truth, and these are in a separate security zone.

You'll run into data integrity difficulties if you mirror your backend db,
particularly as it's a transactional site which updates the db with user
info. But if users can't directly connect to the db, then many of the
issues
you're worried about are probably less likely.

I've also seen people put a rules-based router in front of the web servers
so they can reject DoS type attacks. They still kill your bandwidth, but
leave
your servers running. There's some info about this at
http://grc.com/dos/grcdos.htm

Cheers
Martin



--------------------- End of message text --------------------

This e-mail is sent by the above named in their
individual, non-business capacity and is not on
behalf of PricewaterhouseCoopers.

PricewaterhouseCoopers may monitor outgoing and incoming
e-mails and other telecommunications on its e-mail and
telecommunications systems.
----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.




More information about the thelist mailing list