Return to tldapps Forum - Message Thread - FAQ

Username: kiyu
Date/Time: Sun, October 15, 2000 at 8:37 PM GMT
Browser: Microsoft Internet Explorer V5.5 using Windows 98
Score: 5
Subject: Stress Levels


                First off, I would have liked to look at, linked from  where I assume that you have posted a more clear design for your system, but this page was unavailable.  I would still very much like to examine it.

If you have thoroughly tested your systems, then that should leave you feeling comfortable enough.  However, as we are all aware, real-world scenarios introduce a plethora of new, unforseen variables or possibilities which are too challenging to put together test circumstances, i.e. how the systems will hold up to hacking, as they will surely have to do.  Your choice of Win2000 and IIS as your front end server solution particularly disturbs me.  Given enough bandwidth so as to ensure that lowered service levels are solely due to the servers, if this solution can stand up to your first week of traffic, I will change my attitude towards the platform.

Looking through all of the applications which are actually posted, we see that the application by Easter Communications Company (.firm, etc.) has a UNIX (AIX) based solution using RS/6000 clusters.  RS/6000s are in the same general ballpark as the Sun E10000 which Afilias is using for its registry database servers.  Ironically, you just might be using E10000s for the same service... You don't say in your application (you say "highly available Solaris platforms running Oracle 8i.")  Are you? (I will not discredit you for not saying, as per your agreement with your host).  The .health domain is also based on UNIX (I did not see specifically what kind of servers they are using, but they do say that their backups are done over rsync, a UNIX utility).  ".i", would be hosted on UNIX servers with Exodus Communications.  ".mall" would use AIX on RS/6000s, as well as some NetFinity servers, whose OS I did not see specified.  ".mas" is using SUN.  ".mus" is going open source - possibly Linux.  ".tel" from LLC looks suspiciously similar to Afilias' application - a Sun shop.  So that closes it.  Out of all of the visible applications on the ICANN site, you are the only one looking to Microsoft for anything.  Shouldn't that say something?

Other statements in your application are equally disturbing:
"The current database system is implemented in the same data center as the front-end web servers for speed, security and efficiency, and will be comprised of eight (8) servers, when fully configured, running the Microsoft Windows 2000 Advanced Server Operating System and Microsoft SQL Server Version 7 database software. An upgrade to SQL Server 2000 is underway, and beta versions have been evaluated and met our criteria for continued use."

Rather than implement a tried and true solution, as Afilias has chosen to do with Oracle on Solaris, you have opted to use Windows (unstable, unsecure), with SQL server (same problems), and to top it off, you have opted to use beta versions of Microsoft software (alpha versions for the rest of the world) to meet a production-level mission-critical demand.  If there is a bug in this beta software (which would not be a shocker from MS), the fact that you are clustering will not matter at all.  Just the fact that you have had to use beta software to meet your needs should tell you that you need to use something else.  High end serving and mission critical applications are still solidly in the realm of UNIX, AS/400, and mainframe level operating systems.

My advice to you would be to take the nice servers you have/will purchase, switch them over to Solaris for PC and hire a UNIX guru or two.  Or even better, to best harness the Grassroots effort you are trying to capture, run Linux or FreeBSD (I would suggest a solution from TurboLinux for clustering purposes, if you were to go the Linux route) and Oracle or DB2 (TurboLinux offers solutions preconfigured for both of these databases).

You have made the right choice regarding your zone file distribution - Oracle on Solaris. 

Why are you using Microsoft for your registry and UNIX/Oracle for your zone file servers?  I could very possibly be wrong (and I will humbly accept correction), but my guess is that you do not have a strong UNIX background in your IT department and that you have outsourced the zone file servers to be hosted and administered by another entity.  Am I correct?

Realistically, for best compatibility between these systems, shouldn't everything be the same across the board?  Will those zone servers be refreshing from Microsoft based 'root' servers you keep in house?  Isn't Microsoft's DNS server slightly different in its dissemination and preparation of zone files - I believe they include information handy to WINS resolution but irrelevant to BIND. 

If this is the case, will it affect cooperation between these systems?  Probably not, but why not just make it homogenous and avoid those frustrating cross-platform, OS specific NT/2000 patches like "somethingorother issue when working with Solaris..." that you will see on MS's support section.

What about security?  I think that NT/2000 is indisputably the least secure major operating system you could have put this type of system on.  And will it be an issue?  Any company which garners as much attention as you would will surely be made quick work of by hackers. 

Since you would be in such a position of liability, why risk it on MS?  All it will take is a few times of hackers breaking in, changing a domain entry to update from a different DNS server, obtain control over the domain and then post something horrible to the "new" website - even if it only took a short while to catch and fix the error these kinds of errors could get IOD deep in litigation over negligence.  Will $1,000,000 to $2,000,000 get you out of it?  I would say that your lawyer's suggestion to get more insurance is good advice.




Message Thread:

Privacy Policy | Terms of Service | Cookies Policy