external database

[aussie_in]

Subject: External database

Hi All,

I am looking for documentation and help in migrating existing embedded database to external database.

Which is the best database for above application ?

How to document for migrating from embedded to external ?

Thanks in advance.

Naveen

[CSING]

How many users? Check Point Integrity is moving away from external databases. 7.0 will only support an embedded database. For most installations this is a good thing. Large install bases 25k will have to wait until 7.5 to use the embedded database option. So if you are considering moving to external database due to your growth, and you can wait you may want to consider 7.0 and eliminate the db deployment.

[dingo8mybaby]

Quote:

Originally Posted by CSING

How many users? Check Point Integrity is moving away from external databases. 7.0 will only support an embedded database. For most installations this is a good thing. Large install bases 25k will have to wait until 7.5 to use the embedded database option. So if you are considering moving to external database due to your growth, and you can wait you may want to consider 7.0 and eliminate the db deployment.

"7.0 will only support an embedded database" how does that work with clusters then?

[CSING]

It doesn't. 7.0 is embedded DB only. This means clustering is out but HA (cold failover) is IN. 7.0 will use Location Awareness which allows clients in the LAN to retain the "connected" mode policy even if the server and the backup server go down or are inaccessible for other reasons, provided the client has access to pre-defined customizable network resources or to a "Beacon" server that lets the client know it is in the LAN.

6.6 has embedded only without HA. 7.0 rectifies the HA vulnerability. 6.0 to 6.5 versions have clustering (weak HA) with external DBs only.

Finally 7.5 will have Federation (with HA) allowing more than 20k seat installations.

Originally 7.0 was to have full Federation. This was a design that split the server into a Policy Manager (PM) and several Connection Managers (CM). The PMs only serve CMs and have HA between them so CMs always have something to connect to. Clients directly connect to CMs which can each handle 15-20k clients. Clients would intelligently load balance between CMs as needed. The PM-CM combination can fit on a single server so one server can handle 15-20k clients (with an extra server for HA) or the customer can choose to scale to multiple CMs and many thousands of seats. CMs send log data to Log Servers.

Scheduling prevented federation in 7.0. The PM/CM split will come with 7.5 along with some UI for HA. This will limit 7.0 to server to 15-20k seat installations. 7.0 will have fully functional HA and client side load balancing. 7.5 will see the completion of the PM/CM split and it will see the completion of the HA UI.

Some are attached to having an external DB. Federation design is greatly complicated if you have external DBs. Also, external DBs present a single point of failure unless you take on the task of clustering the DB. Most do not have the capability to do this. External DBs are limited in logging capacity just as the embedded DB is (the limit is just much higher). The federation design eliminates a single points of failure (all of them) and provides a simple supportable architecture for client connection that anyone can afford and deploy.

[dingo8mybaby]

Quote:

Originally Posted by CSING

It doesn't. 7.0 is embedded DB only. This means clustering is out but HA (cold failover) is IN. 7.0 will use Location Awareness which allows clients in the LAN to retain the "connected" mode policy even if the server and the backup server go down or are inaccessible for other reasons, provided the client has access to pre-defined customizable network resources or to a "Beacon" server that lets the client know it is in the LAN.

The federation design eliminates a single points of failure (all of them) and provides a simple supportable architecture for client connection that anyone can afford and deploy.

Thanks for the reply, that’s all very interesting! Unfortunately our experience with the 4.5 product showed the cold failover seldom worked correctly. Actually if the service just hung then failover never occurred. I went for the 6.5 product specifically because I could cluster the nodes with a content switch and could put the DB on a sql cluster to ensure proper HA.

I have not encountered many issues in using the full dbug mode – the file does get a bit unwieldy after a couple of hours – but the db cluster uses a SAN for storage, so additional capacity for logging is always available.

It sounds like migration from 6.5 to 7x is going to be a non-starter for me and we’ll probably request an amendment to provide a later version to revert to external db for us.

[chillyjim]

Quote:

Originally Posted by dingo8mybaby

It sounds like migration from 6.5 to 7x is going to be a non-starter for me and we’ll probably request an amendment to provide a later version to revert to external db for us.

6.5 will be the last version to support external databases, the federated architecture of 7.5 will not be able to. If you are unable to use 7.0 and the embedded DB because of load, then you will have to stay with 6.5.

As for the HA operation, this architecture is nothing like the 4.x, 7.x is based on SmartCenter where HA management has been working for a long time.

[dingo8mybaby]

That’s for the additional information – I’ll have a proper look at it when we start getting serious about Vista.