Conference gyro::internet_toolss

Title: Internet Tools
Notice: Report ALL NETSCAPE Problems directly to [email protected].rnet? Read note 448.L for beginner information.
Moderator: teco.mro.dec.com::tecotoo.mro.dec.com::mayer
Created: Fri Jun 25 1993
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 4714
Total number of notes: 40609

4433.0. "Internet Solution for a Stock Brokerage Firm...Need Help." by ADCA01::RAJU () Fri Jan 31 1997 04:45

Hi,

One of our prospective customers is a Stock Brokerage firm,
providing information to investors and doing the share trading
for them. At the moment all this is achieved by the investors
(customers) calling the Front Desk, which in turn interfaces
with the back office. The back office has a direct communication
link to the Stock Exchange. The firm now wants to provide services
on the internet.

We are at bid stage right now, with a lot of competitors around.
And as always, we also do not have some critical pieces of
info. However, I shall jot down, what we do have:

	- system should support up to 50,000 internet clients;
	                              ------
	- at the Brokerage office, all the incoming requests
	  (for info.  and trading) will be coming thru a
	  firewall into a front end machine;
	- the back-end machine(s) 
		- connected to the firewall are part of the internal 
		  (blue/green) network.
		- will be interacting with the live data from the 
		  stock exchange;
	- layered software:
		- the front-end will be running a HTTP server and
		  a database server, maintaining the user requests;
		- backend maintains a database server, containing
		  data of clients, their accounts and stock market
		  info.

Now you know what all I know !
The major fact that we know is THAT 50,000.

My questions:
------------

1/ Can anyone take guesses on the possible h/w & s/w configuration ?

2/ Is an NT solution possible either
	- as the firewall or
	- as the web server or
	- both ?
   
3/ Any recommended HTTP server products and

4/ Any recommended Database products ?

Any info. or tips will be of invaluable help.

Regards...Raju.
    
T.R | Title | User | Personal Name | Date | Lines
4433.1 | | teco.mro.dec.com::tecotoo.mro.dec.com::mayer | Danny Mayer | Fri Jan 31 1997 09:21 | 63
>        - system should support up to 50,000 internet clients;
>                                      ------
	Is that simultaneous or total number?  There's a big difference.
   More relevant is the number of queries per hour.

>        - at the Brokerage office, all the incoming requests
>          (for info.  and trading) will be coming thru a
>          firewall into a front end machine;

	Why?  Why not put that machine outside the firewall?  It would
  be more secure that way.  You could then have the hole in the firewall
  for that machine ONLY to go to the backend machine, and its backups ONLY.

>        - the back-end machine(s) 
>                - connected to the firewall are part of the internal 
>                  (blue/green) network.
>                - will be interacting with the live data from the 
>                  stock exchange;

>        - layered software:
>                - the front-end will be running a HTTP server and
>                  a database server, maintaining the user requests;
>                - backend maintains a database server, containing
>                  data of clients, their accounts and stock market
>                  info.

> My questions:
> ------------
> 
> 1/ Can anyone take guesses on the possible h/w & s/w configuration ?
> 
	Unless you know something about transactions/hour, it's anyone's guess.
	The IBG Sizer will help you on sizing the system if it's for Unix.
        The URL of the sizer is:

http://webforum.research.digital.com/innovators/public/unix-server-sizer/

> 2/ Is an NT solution possible either
>        - as the firewall or
>        - as the web server or
>        - both ?
>   
	Yes to both, but performance of an NT solution depends on the 50,000
  number.  On a stock exchange type of transaction, I probably would not want
  to go with NT. You didn't indicate before that you also need a firewall.
  For what you are asking, I'd probably go with the 3-machine Unix firewall,
  I don't think I'd be ready to risk NT for this.

> 3/ Any recommended HTTP server products and
> 
	Depends what you want it to do.  Netscape has excellent servers on
  Unix and NT, Microsoft on NT, OpenMarket on Unix (and perhaps NT).

> 4/ Any recommended Database products ?
> 
	Anything you want.  Depends also on the O/S.  Oracle is one possibility.

> Any info. or tips will be of invaluable help.

	You need to ask the Stock Exchange some questions.  There's not enough
  information here.

		Danny

4433.2 | More info./assumptions | ADCA01::RAJU | | Sat Feb 01 1997 07:26 | 61
    Thanks a lot for the response.
    
>
>	You need to ask the Stock Exchange some questions.  There's not enough
>  information here.
>
    	I know; I am trying, while starving for more info.
    
    	Meanwhile, if I proceed on some assumptions....
    
    1/ I was going thru some info. on firewalls, that's available on
       Digital web pages.
       I felt that, the "Mid-range" product for Digital Unix would suit
       our customer needs.
       There is a hardware configuration also given there.
       But there is another page, giving info on AltaVista Firewalls
       available on various platforms (no hardware mentioned) ?
    
       Now, a fundamental question is what's the difference between
       selling Digital Firewall products and AltaVista firewall products ?
       ...which is better....?
    
    2/
    >
    >	Is that simultaneous or total number?  There's a big difference.
    >   More relevant is the number of queries per hour.
    >
    	Suppose I have 5000 queries per hour.
        What would be an ideal hardware configuration for a firewall
    	(Digital or AltaVista) on Digital Unix ?
    
    3/
    >
    >	Why?  Why not put that machine outside the firewall?  It would
    >be more secure that way.  You could then have the hole in the firewall
    >for that machine ONLY to go to the backend machine, and its backups ONLY.
    >
    	I understand that, the following scenarios are possible:
    
    	(a)
               +--------------+      +--------+        +--------------+
    	       |              |      |        |        |              |      
    	       | FRONT END    |<---->|FIREWALL|<------>|  BACK END    |      
               | (HTTP server)|      |        |        | (database etc|
               +--------------+      +--------+        +--------------+      
    
     	(b)
               +--------+          +--------------+---------------+
               |        |          |              |               |
               |FIREWALL|  <-----> | FRONT END    |  BACK END     |      
               |        |          | (HTTP server)| (database etc)|
               +--------+          +------------------------------+
                                                (one single machine)
    
    You are suggesting (a); right ?
    Could you please tell me the advantages of one over the other ?
    
    
    Thanks and again, any info. or tips will be of invaluable help.
    
    Regards...Raju.

4433.3 | | BIGUN::nessus.cao.dec.com::Mayne | Wake up, time to die | Sun Feb 02 1997 15:26 | 11
>       Now, a fundamental question is what's the difference between
>       selling Digital Firewall products and AltaVista firewall products ?
>       ...which is better....?

Digital only has one firewall product, and it's for OpenVMS.

In your scenario (a), the firewall only allows access to the inside from the Web 
server. In your scenario (b), everybody is allowed access to the inside, even if 
it's only to the Web server.

PJDM

4433.4 | | 16.25.0.70::tecotoo.mro.dec.com::mayer | Danny Mayer | Mon Feb 03 1997 09:28 | 28
>       Now, a fundamental question is what's the difference between
>       selling Digital Firewall products and AltaVista firewall products ?
>       ...which is better....?

	They're the same thing (ignoring the VMS version).  IBG took over the
  firewall software and made them into products some time ago.  When the ISBU
  unit was started the group moved into the ISBU.  The ISBU is what is now
  AltaVista.

>        Suppose I have 5000 queries per hour.
>        What would be an ideal hardware configuration for a firewall
>        (Digital or AltaVista) on Digital Unix ?
>    
	5000 queries is not a lot even assuming the backend takes a long time
  to process the query.  What country are we talking about?  India? I doubt that
  they are talking about 5000/hour.  I expect something much higher.  The
  firewall will see almost no traffic in that scenario.

>    You are suggesting (a); right ?
>    Could you please tell me the advantages of one over the other ?

	Yes, I'm suggesting (a).  As Peter mentioned in his response, you are
  limiting access from the outside to the backend to just the frontend machines.
  It reduces the vulnerability of the backend and particularly the database
  and transactions.  That's particularly important for the stock market not to
  be vulnerable to attack or fraud.

		Danny

4433.5 | Re: Internet Solution for a Stock Brokerage Firm...Need Help. | QUABBI::"[email protected]" | Stephen Stuart | Mon Feb 03 1997 12:10 | 23
tecotoo.mro.dec.com::mayer Danny Mayer (@16.25.0.70.enet.xyz.com) wrote:
: Title: Internet Solution for a Stock Brokerage Firm...Need Help.
: Reply Title: (none)

: 	Yes, I'm suggesting (a).  As Peter mentioned in his response, you are
:   limiting access from the outside to the backend to just the frontend machines.
:   It reduces the vulnerability of the backend and particularly the database
:   and transactions.  That's particularly important for the stock market not to
:   be vulnerable to attack or fraud.

For the even more paranoid, both the HTTP server and the database
server can be placed inside the firewall, and a third host outside
added to relay TCP connections for only those services that are
allowed. This is pretty much the way that the Palo Alto TCP relay host
delivers TCP connections to the ESSB software ordering system.

Stephen
--
- -----
Stephen Stuart				[email protected]
Network Systems Laboratory
Digital Equipment Corporation
[posted by Notes-News gateway]
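
The three layouts compared in this thread (scenario (a), scenario (b), and the outside TCP relay) modelled as default-deny flow lists. This is an added example, not part of any poster's reply; the host names, the database port and the flow lists themselves are assumptions made for illustration.

```python
from collections import deque

DB_PORT = 1521  # assumed port for the back-end database listener

# Each layout lists the only connections its firewall permits (default deny).
# "inside" = hosts behind the firewall, "data" = host holding the client database.
LAYOUTS = {
    "a": {"inside": {"backend"}, "data": "backend",
          "allow": {("internet", "frontend", 80),
                    ("frontend", "backend", DB_PORT)}},
    "b": {"inside": {"single_host"}, "data": "single_host",
          "allow": {("internet", "single_host", 80)}},
    "relay": {"inside": {"frontend", "backend"}, "data": "backend",
              "allow": {("internet", "relay", 80),
                        ("relay", "frontend", 80),
                        ("frontend", "backend", DB_PORT)}},
}

def permitted(layout, src, dst, port):
    """A connection passes only if it is explicitly listed."""
    return (src, dst, port) in LAYOUTS[layout]["allow"]

def exposure(layout):
    """Summarise what an outside client can reach in a layout."""
    spec = LAYOUTS[layout]
    # Inside hosts that accept connections straight from the Internet.
    direct = {d for (s, d, _) in spec["allow"]
              if s == "internet" and d in spec["inside"]}
    # Breadth-first search over permitted flows: the distance to the data
    # host is the number of chained connections needed to get there.
    dist = {"internet": 0}
    queue = deque(["internet"])
    while queue:
        cur = queue.popleft()
        for s, d, _ in spec["allow"]:
            if s == cur and d not in dist:
                dist[d] = dist[cur] + 1
                queue.append(d)
    return {"inside_hosts_open_to_internet": direct,
            "hops_to_data_host": dist.get(spec["data"])}

if __name__ == "__main__":
    for name in LAYOUTS:
        print(name, exposure(name))
```

In (b) the host holding the client data is one connection away from any Internet client; in (a) and the relay variant no inside host accepts Internet connections at all, and the data host sits two and three connections away respectively.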

4433.6 | Thanks; will be back soon. | ADCA01::RAJU | | Thu Feb 06 1997 01:46 | 8
    Since we were running out of time, we took the help of an experienced
    SI guy, validated it with a few S&M and MCS experts and proposed
    a configuration.
    I apologize for not being able to mention it at this point in time.
    I shall do it soon, for the benefit of anyone.
    This is just because, it's currently at the bid stage.
    
    Thanks for all the help...Raju.