
YuChakTinMichael‘sGIACGCFWProjectAssignment
Page 27
n 192.168.22.2(toRAS_Net)
EquipmentFaultToleranceandRedundancy:
Althoughitispossibletorunthefirewall/routingservicesonhighlysophisticated
clusterequipments,lowercostalternativesarepossible.Firstofall,machinelevel
faulttolerancecanbeestablishedbyusingDiskMirroringandUPS:
n With DiskMirroring,dataiswrittentotwoduplicatediskssimultaneously.Ifone
ofthediskdrivesfails,thesystemcaninstantlyswitchtotheotherdiskwithout
anylossofdatanordowntime.
n UPS(uninterruptiblepowersupply)isaspecialkindof powersupplythatusesa
batterytomaintainpowerintheeventofapoweroutage.Itenablesautomated
backupandshutdownproceduresincasethere'sasuddenpowerfailure.
Another thingthatcan bedoneforredundancyistomaintainanidenticalsystemasa
standbysystemforthemostcriticalfirewall androuter implemented.Thisstandby
machineshouldhavetheexactsamehardwareandsoftwareconfigurationasthe
“original”.
Toimplementastandbymachine,thefollowingstepsarerecommended:
1. Completetheconfigurationofthe“original”system.
2. Backupthesecurity/routingpolicyandobjectdatabaseaswellasanyother
exportablesecurity/routingsettingstoremovablemedias.Keeptheminasafe
andsecureyetassessableplace.
3. Producehardcopydocumentsofthesecurity/routingpolicysettings.Keepthem
inasafeandsecureyetassessableplace.
4. UseadiskcloningutilitysuchastheNortonGhostutilitytocreateanimageof
theentiresystemdisk.
5. Createtheidenticalstandbysystembyrestoringtheimagetoanidentical
computer.
6. Testthestandbysystemwhilethe“original”isoff.
Keepinmind,utilitylikeGhostwillcloneEVERYTHING,includingthesystem’s
SID.Thisisperfectlyokaslongastheoriginalsystemandthestandbysystem are
Kommentare zu diesen Handbüchern