FreeBSD Security Survey
David Nugent
davidn at datalinktech.com.au
Sun May 21 22:42:13 PDT 2006
Doug Hardie wrote:
> On May 21, 2006, at 20:55, Colin Percival wrote:
>> If you administrate system(s) running FreeBSD (in the broad sense of
>> "are
>> responsible for keeping system(s) secure and up to date"), please visit
>> http://people.freebsd.org/~cperciva/survey.html
>> and complete the survey below before May 31st, 2006.
>
> What doesn't fit into the survey very well is that all my servers are
> production ones and it causes a lot of grief for users when I bring
> them down. I try to hold updates to once per year because of that. I
> am currently in the middle of upgrading from 5.3 to 6.0. The easy
> machines are done but there are still a few that will take
> considerable on-site time which is not easy to come by.
A good failover strategy comes into play here.
If you have one, then taking a single production machine off-line for a
short period should be no big deal, even routine, and should not even be
noticed by users if done correctly. This should be planned for and part
of the network/system design. Yes, it definitely requires more resources
to support, but I'll rephrase the same problem: what happens when (and I
mean *when* and not *if*) a motherboard or network card fries or you
suffer a hard disk crash (even 2+ drives failing at the same time on a
raid array is not particularly unusual considering that drives are quite
often from the same manufactured batch)?
Lack of a failover on mission critical systems that *can't* be offline
is like playing russian roulette.
More information about the freebsd-stable
mailing list