[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Disaster Recovery.

From: Thornton, John
Subject: RE: Disaster Recovery.
Date: Thu, 20 May 2004 10:02:49 -0700

I'm rsyncing the keys and trusting the keys from the policy hosts.

-----Original Message-----
From: Michael Little [mailto:address@hidden 
Sent: Thursday, May 20, 2004 9:21 AM
To: address@hidden
Cc: Thornton, John
Subject: Re: Disaster Recovery.


One question... How are you dealing with authentication keys?

I suppose you could just insure that keys have been pushed from both the

  policy host and the backup policy host, or trust keys from the policy 
host(s). I am just curious as to how you have addressed this.


Golf: A five mile walk punctuated with disappointments -- Anonymous

Thornton, John wrote:
> What I've done at my site is create a dns alias for the policy host 
> pointing to the main server. I have the main server rsync it's 
> masterfiles dir to another server.  In an event the main server goes 
> down and it turns out it will be down for some time, I change the 
> alias in DNS to point to the secondary server.
> -----Original Message-----
> From: address@hidden
> [mailto:address@hidden On 
> Behalf Of Jamie Wilkinson
> Sent: Tuesday, May 18, 2004 8:19 PM
> To: address@hidden
> Subject: Re: Disaster Recovery.
> This one time, at band camp, Tony Hawke wrote:
>>I know that all of the clients can continue using their current 
>>configs.  But as soon as I get the main server back up (restored from 
>>backup or whatever,) they'll lose whatever changes have been made to 
>>their configs in the intervening time.  This is a bit of an issue as
> the
>>systems we use here are somewhat fluid in their configuration.
> How will the clients change their configs whilst the server is down?
> If the main server goes down, the clients will use their local copies 
> of the inputs.  The inputs won't change because the server can't be 
> contacted, unless you have some out-of-band system changing the inputs

> anyway, in which case you've got problems regardless of whether the 
> server is up or not.
> When the main server comes back up, either the local copies will be up

> to date or the server will be newer, and they'll update and continue 
> on as expected.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]