NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Recommended NT Disk Partitions



Three partitions are better than 2.

1) NTFS - Operating System. (resist the urge to use \Program Files and stop
NT
from logging to \winnt\system32\logs etc)
On most servers which are "production" requirement, we run FAT because NTFS
can bite you bad when a service pack or driver update causes a BSOD and no
boot.
(ever spend time doing a "temp NT" install just so you can access NTFS???
Ever
seen how bad "repair" install can RAPE your server???)
On high security installations (FW1 etc) NTFS for ALL partitions is a NO
BRAINER.
2) NTFS - Applications.
3) NTFS - Logs and Databases (sqldata, .log, .mdb etc)

With most good raid controllers you can specify the type of caching/access
patterns
that each logical drive should use. For this reason you would not want your
cache
wasted on READ-AHEAD on a logging partition. At the same time, you wouldn't
want
your logging/sql partition to use lazy writes... Access patterns for Apps
and Logs
are quite different, and logs tend to grow so this is good reason for
splitting
them up.

On Linux we setup something like 7 or 8 partitions.
Reasoning is that you can get a finer granularity of access control and
actually
mount the system partition read-only.

If you use REMBO (http://www.rembo.com) you can have your server suck down a
fresh partition image every time it boots. (good for bastion host recovery
as well)
You can even have ALL the partitions rebuilt. Probably better than Altiris.


-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
Frank Knobbe
Sent: Thursday, September 14, 2000 5:53 PM
To: 'Paul Thresher'; [email protected]
Subject: RE: [FW1] Recommended NT Disk Partitions



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Paul Thresher [mailto:[email protected]]
> Sent: Thursday, September 14, 2000 1:23 PM
>
> I am setting up a new FW-1/VPN-1 4.1 standalone system on
> NT version 4.0 with a 9gb disk and 256mb of memory.
> I am looking for any recommendations on the number of
> partitions to use and their size.

Paul,

I always install NT on a 2-4 GB System partition and allocate the
rest as a Data partition. The System partition C: will contain NT and
services (i.e. Exchange, FW-1, whatever runs on the box). All data
that is generated (i.e. Exchange databases, log files, etc) and user
data (if the servers is F/P) resides on the Data partition D:. No one
should be able to write files to the C: partition to prevent the disk
space from filling up and NT from crashing. Also for security
reasons.

> Also is it possible to send the logs to a partition other than the
> one the  firewall is installed in without writing a script to
> move them
> from one place to another?

I'm not aware of a method to direct the active logs to a different
location. However, I usually configure firewalls to run a batch file
at midnight (scheduler service) that calls logswitch and moves the
exported log to a log directory on the D: drive. That will keep the
disk space on C: in check.

Hope that helps,
Frank


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME (X.509) encrypted email preferred.

iQA+AwUBOcFIxERKym0LjhFcEQI2YACg9z6mQ2wt0jsF1c2uJLrAC6bNdXcAlj6k
419QSKMuGkkzdU8FZimSIKk=
=3xn2
-----END PGP SIGNATURE-----


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents � 2003 Network Presence, LLC. All rights reserved.