First off, I would have liked
to look at http://www.icann.org/tlds/web1/Reg_Proposal/D15.2.1_C.pdf, linked from
http://www.icann.org/tlds/web1/Reg_Proposal/rop-technical.htm where I assume
that you have posted a more clear design for your system, but this page was unavailable.
I would still very much like to examine it.
If you have thoroughly tested your
systems, then that should leave you feeling comfortable enough. However, as
we are all aware, real-world scenarios introduce a plethora of new, unforeseen variables
or possibilities which are too challenging to put together test circumstances, i.e.
how the systems will hold up to hacking, as they will surely have to do. Your
choice of Win2000 and IIS as your front end server solution particularly disturbs
me. Given enough bandwidth so as to ensure that lowered service levels are
solely due to the servers, if this solution can stand up to your first week of traffic,
I will change my attitude towards the platform.
Looking through all of the applications
which are actually posted, we see that the application by Easter Communications Company
(.firm, etc.) has a UNIX (AIX) based solution using RS/6000 clusters. RS/6000s
are in the same general ballpark as the Sun E10000 which Afilias is using for its
registry database servers. Ironically, you just might be using E10000s for
the same service... You don't say in your application (you say "highly available
Solaris platforms running Oracle 8i.") Are you? (I will not discredit you for
not saying, as per your agreement with your host). The .health domain is also
based on UNIX (I did not see specifically what kind of servers they are using, but
they do say that their backups are done over rsync, a UNIX utility). ".i"
would be hosted on UNIX servers with Exodus Communications. ".mall" would use
AIX on RS/6000s, as well as some NetFinity servers, whose OS I did not see specified.
".mas" is using SUN. ".mus" is going open source - possibly Linux. ".tel"
from number.tel LLC looks suspiciously similar to Afilias' application - a Sun shop.
So that closes it. Out of all of the visible applications on the ICANN site,
you are the only one looking to Microsoft for anything. Shouldn't that say
something?
Other statements in your application are equally disturbing:
"The
current database system is implemented in the same data center as the front-end web
servers for speed, security and efficiency, and will be comprised of eight (8) servers,
when fully configured, running the Microsoft Windows 2000 Advanced Server Operating
System and Microsoft SQL Server Version 7 database software. An upgrade to SQL Server
2000 is underway, and beta versions have been evaluated and met our criteria for
continued use."
Rather than implement a tried and true solution, as Afilias has
chosen to do with Oracle on Solaris, you have opted to use Windows (unstable, unsecure),
with SQL server (same problems), and to top it off, you have opted to use beta versions
of Microsoft software (alpha versions for the rest of the world) to meet a production-level
mission-critical demand. If there is a bug in this beta software (which would
not be a shocker from MS), the fact that you are clustering will not matter at all.
Just the fact that you have had to use beta software to meet your needs should tell
you that you need to use something else. High end serving and mission critical
applications are still solidly in the realm of UNIX, AS/400, and mainframe level
operating systems.
My advice to you would be to take the nice servers you have/will
purchase, switch them over to Solaris for PC and hire a UNIX guru or two. Or
even better, to best harness the Grassroots effort you are trying to capture, run
Linux or FreeBSD (I would suggest a solution from TurboLinux for clustering purposes,
if you were to go the Linux route) and Oracle or DB2 (TurboLinux offers solutions
preconfigured for both of these databases).
You have made the right choice regarding
your zone file distribution - Oracle on Solaris.
Why are you using Microsoft
for your registry and UNIX/Oracle for your zone file servers? I could very
possibly be wrong (and I will humbly accept correction), but my guess is that you
do not have a strong UNIX background in your IT department and that you have outsourced
the zone file servers to be hosted and administered by another entity. Am I
correct?
Realistically, for best compatibility between these systems, shouldn't
everything be the same across the board? Will those zone servers be refreshing
from Microsoft based 'root' servers you keep in house? Isn't Microsoft's DNS
server slightly different in its dissemination and preparation of zone files - I
believe they include information handy to WINS resolution but irrelevant to BIND.
If this is the case, will it affect cooperation between these systems? Probably
not, but why not just make it homogenous and avoid those frustrating cross-platform,
OS specific NT/2000 patches like "somethingorother issue when working with Solaris..."
that you will see on MS's support section.
What about security? I think that
NT/2000 is indisputably the least secure major operating system you could have put
this type of system on. And will it be an issue? Any company which garners
as much attention as you would will surely be made quick work of by hackers.
Since you would be in such a position of liability, why risk it on MS? All
it will take is a few times of hackers breaking in, changing a domain entry to update
from a different DNS server, obtaining control over the domain and then posting something
horrible to the "new" website - even if it only took a short while to catch and fix
the error, these kinds of errors could get IOD deep in litigation over negligence.
Will $1,000,000 to $2,000,000 get you out of it? I would say that your lawyer's
suggestion to get more insurance is good advice.
kiyu