SLA 104: Choosing the service hardware

03.05.2006

High-end hardware should support aggregate throughput of over 1Gbit/sec. Average hardware should support from 500Mbit/sec. to 1Gbit/sec. Low-end hardware should support anywhere from 100Mbit/sec. to 500Mbit/sec.

It's important to specify the number of network ports to be allotted for your needs, as that will dictate the number of network segments you can set up and, thus, your potential throughput. Most security experts design network infrastructures with multiple segments, such as one for an application DMZ and one for a database DMZ. Depending on your configuration, you might want to have three or four segments. If you have a piece of stand-alone hardware with only two available ports, you'll have to design around that limitation. You should also stipulate that the port speed must support the highest-performance switch on your network. This ensures that your network is not slowed down by the firewall and that your IDS can adequately monitor your network.

Many hardware-based security applications store the actual software image on flash cards. This allows vendors to upgrade the software by simply writing over the flash memory. But as features increase, so do memory requirements. You'll need to make sure that the flash cards installed in your appliance can accommodate upgrades. Flash cards are cheap, so look for cards that have at least 50% more space than initially required for the software itself.

Physical considerations

If your provider installs a security appliance at your facility, you need to be aware of that unit's space requirements: A 3U security appliance takes up three times the room of a 1U appliance, and the more space your security appliance requires, the less room you have for your other servers. If rack space is at a premium in your data center, make sure your provider states the rack requirements of your appliance, since when it comes time to replace your hardware, your provider may want to install a larger appliance. If you've filled up your rack already, you'll find it tricky to find more space for the new hardware.