[colug-432] Cloud services and security

[Travis Sidelinger]

In your cast though, you would likely know the fail over IP addresses, correct?

In a number of the causes I've running into we have no idea what that
pool of IP addresses is.  Another example we have run into is google
feed burner.  Feed burner works great for cashing RSS feeds, but we
ran into the firewall rules needed updated weekly.

Also, with a short DNS, I think the lowest you can go is 1 minute.  So
even with we had a firewall that could dynamically update, there will
still be a 1 minute outage every time the IP flips.


On Mon, Feb 7, 2011 at 3:12 PM, R P Herrold <herrold at owlriver.com> wrote:
> On Mon, 7 Feb 2011, Travis Sidelinger wrote:
>
>> Also, Amazon may very well offer static IP services, but at
>> least one of the cloud solutions we would like to use does
>> not want to cooperate.
>
> I think part of the issue is solving the complexity of routing
> and fail-across.  If one can run an abstracting intermediate
> layer of IP, and then using dedicated links to deliver IP
> content to a endpoint, one can shift load and migrate a 'hot'
> image between geographically discrete datacenters, hopefully
> fast enough that the end consumer does not 'lose state'
>
> Having worked on this, it is not at all clear that hot image
> migration is a better solution than having an 'A and 'B peer
> heartbeating one another, and running short DNS expirations
>
> [We can migrate pmman.com client images between three
> locations here in town, but the image transit times are long
> enough that it is noticeable -- effective transfer data rates
> of say 50 MBy/Sec, but with a 8 GBy image, that's still over
> two minutes]
>
> -- Russ herrold
>
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
>



-- 
"A careful reading of history clearly demonstrates ...
that people don't read history carefully.”