AnandTech Hardware Upgrade - four is better than two
by Jason Clark on August 22, 2004 12:05 AM EST - Posted in IT Computing
Firewall
For the past few years, we've had our Windows 2000 servers sitting on the public internet. Most people would think that we're crazy, and we probably were! But, over those few years, we were only hit with 1 vulnerability (SQL Slammer). The main reasons for not implementing a firewall were cost and implementation time. With Anand in school and me running FuseTalk, finding the time to implement one was a challenge. So, after 4-5 years of hanging our network out there, we decided to protect the network with a firewall.

We spent a few weeks researching and pricing the various solutions for a network of our size. In the end, we chose a Netscreen 25 from Netscreen Technologies (recently acquired by Juniper Networks). The Netscreen 25 met our current needs with room to grow. The first thing that we had to look at was sessions, as most of the products out there are based on the number of simultaneous sessions that they will serve. The Netscreen 25 serves 16,000 simultaneous sessions and 4,000 new sessions per second. We serve anywhere from 3000 to 6000 simultaneous sessions, depending on the day. Throughput is probably secondary, since most of the firewalls in this range will handle more throughput than required. The Netscreen 25 is no exception, as it handles 100Mbit/sec of firewall throughput; we burst at 41Mbit/sec, depending on the day.
29 Comments
kherman - Wednesday, August 25, 2004 - link
How about a pic of that motherboard!
JasonClark - Monday, August 23, 2004 - link
Penpun, I updated the article with the URLs, and corrected a spelling error on my end. It's CI Designs not CSI Designs, guess I watch a bit too much CSI :)
penpun - Monday, August 23, 2004 - link
"CSI Designs RMHR 9000"
Where can we find more info on this company and their products? A quick Google search didn't reveal anything obvious.
Phiro - Monday, August 23, 2004 - link
Not sure if you want to give out these numbers, but how many page views did you have in the last 30 days, and how many unique visitors?
JasonClark - Monday, August 23, 2004 - link
#21 Because we have standardized on the Microsoft platform, and that is where our expertise lies. Performance-wise, a well-tuned .Net application on Windows will run just as well as it will on Linux, if not better, as the framework was built on the Windows platform.
MySQL is nowhere close to SQL Server in terms of an enterprise database server (at least not yet). No stored procedures, triggers etc. 5.0 is a way off yet, which should include those features. Also the tools for MySQL are terrible in comparison to SQL Enterprise Manager. SQL Server is where it's at in terms of productivity, enterprise class features and the best management tools in the business.
As #22 said, productivity is key, why run something you are not familiar with and is not the best platform for a .NET application? We're not interested in PHP or any other language.
yelo333 - Monday, August 23, 2004 - link
#21, probably familiarity. Which means productivity.
IIRC, they also chose the forums software this way...
Remember, nobody (well, hardly anybody) can know all combinations of software just as well as another.
There are probably more reasons, or completely different ones, so wait around for the "official" answer. ;)
unhaiduc - Monday, August 23, 2004 - link
This may be a dumb question, but why don't you guys run a Linux/Apache webserver? or even Win/Apache?.. MySQL?
JasonClark - Sunday, August 22, 2004 - link
Sharkeeper, we are nowhere near 16,000 sessions simultaneous... only 3-4000, no slow down at all at that level.
VirtualLarry - Sunday, August 22, 2004 - link
Reflex, my friend also has a quad-proc Slot-II Xeon Compaq server, dual-redundant sets of 3 cooling fans, 2+1 redundant PSUs, hot-swap 64-bit PCI, SCSI RAID, etc., crazy overkill kind of stuff for home. He has a rack-mount case in his kitchen. :P Oh yeah, it definitely DOES sound like a jet plane taking off when he turns the thing on. It's pretty snappy though, good for LAN game servers and stuff. It also uses an insane memory-expansion daughterboard, with its own buffer chips, can accept up to 16 or maybe even 32GB of registered ECC SDR memory, in quad-interleaved groups of 4 DIMMs. I think he just has 4 x 256MB or 4 x 128MB now, because he got the RAM for cheap.
sharkeeper - Sunday, August 22, 2004 - link
Interesting choice of firewall. What happens when it gets saturated? I've implemented NS25's in small enterprises with ~200 or so users and was concerned. Their utilisation is nowhere near what yours would be.
Cheers!