HI Hameed,
1st of all, if you talk aobut NAS, what are you talking about?
a somwhow designed "head" serving:
NFS
SMB
iSCSI
or others..
So in the end you "NAS" is working with the standart protocolls.
Therefor your NAS is not more secure/faster than limitations of the
coresponding protocol.
The security of NFS depends on the Implementation.. But keep in mind
that NFS itselves is not encripted traffic.
If you want to encript and authenticate the connection itselves, you
should use NFS over IPSEC:
NFSv4 has the capability to use a kerberos system to clarify weather the
participating user is who he is pretending to be.
The security of the traffic itselfes depends on the standart IP security
features of your systems.
You are able to limit the share of a server to specific nodes but that
has all the benefits and challanges of all IP (in the case of NFSv4 also
TCP) traffic.
everything below NFSv4 still needs the portmapper and might be mix of
UDP and TCP traffic -> Not that secure if you take a closer look,
From a performance standpoint, your private Gbit network is a good
idea. You need to take care that you have the CPU power to move the
traffic fast enough.
If you have a small number of connections, your single thread CPU
performance will be important.
Reliability:
That depends on your Clients.. e.G. with Cluster Technologies, you are
able to make a fast "switch" (i call it restart the opreration) of a NFS
service...
Important is that your Clients have to find that out fast enough and do
a reconnect. That should work fine , as long as you accept a failover
time of some seconds (as long as your cluster gets the disks fast
enough, but thats another question).
I hope that helps.
From a installation standpoint, your setup is intresting and has been
done already... but pleas keep in mind that there are several pathes and
files in the oracle installation which are not able (well, should not, i
think it is possible but maybe not supported) to be shared over all
systems, just your Oracle update and Pathing (which will happen a lot!!)
will be a nightmare... you will have to stop you whole environment...
Typically i would drive that with a single installation (mybe coned with
zfs :-) ) for each functionality/node.
cu
BUD
Amir Hameed wrote:
Folks,
I am working on implementing "Shared Application Filesystem" architecture with
Oracle e-Business Applications suite for a multi-node, mission critical system. What this
means is that instead of installing Oracle binaries (Application code, Oracle RDBMS
software code, Application Server code) separately on each tier node, I would like to
install it on a shared storage so that all particiating nodes can share it. I am looking
at the following options for sharing the storage:
- NAS (EMC Celera)
- NFS
I have already exlpored the EMC option and now I am researching on the NFS
option. I'm specially interesting in the following:
- The security aspect of NFS: How secure it is and can it be made secured. What
are the risks associated with using it. How is the security different from that
offered by NAS devices?
- NFS Performance and reliability: Configuring NFS to use the private gigabit
network instead of the public network to improve performance. Use IPMP for the
network failover.
- Reliability: I understand that NAS devices offer multiple heads or
data-movers to provide failure resilience. But if I use the database server as
the NFS Server then this becomes a moot point as if the database server fails
then the application will become unavailable any way.
I would appreciate any feedback. If someone is already using this
architecture/configuration then I would appreciate the experience.
Thanks
This message posted from opensolaris.org
_______________________________________________
perf-discuss mailing list
perf-discuss@opensolaris.org
begin:vcard
fn:Bertram Dorn
n:Dorn;Bertram
org:Sun Microsystems;Professional Services Delivery
adr:;;Sonnenalle 1;Kirchheim;BY;85551;Deutschland
email;internet:[EMAIL PROTECTED]
title:Senior Systems Engineer / Security Ambassador
tel;work:+49/89/46008/1350
tel;cell:+49/173/5633509
url:http://www.sun.com
version:2.1
end:vcard
_______________________________________________
perf-discuss mailing list
perf-discuss@opensolaris.org
