Comments on: Catch-up http://mcwresearch.com/archives/356 Things I think I've thought about Wed, 06 Jan 2010 16:45:57 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Michael http://mcwresearch.com/archives/356/comment-page-1#comment-406 Michael Tue, 19 Dec 2006 17:15:19 +0000 http://mcwresearch.com/archives/356#comment-406 Unfortunately I'm unable to name the vendor. You are correct, on the front end NAS we're connected directly with iSCSI. To connect to the back-end NAS devices we use CIFS. We were able to put ACL's on the clustering appliance as well as the gateway firewall strictly controlling CIFS access. Today I used Microsoft's <a href="http://www.microsoft.com/windowsserver2003/technologies/security/configwiz/default.mspx" rel="nofollow">Security Configuration Wizard (SCW)</a> to do most of the hardening work. Its great because you get the platform built to a production state first (but keeping it in a protected state) then run SCW and it analyzes the server and detects the services and configurations currently used. Pretty handy for system hardening, plus you can save the generated policy and then deploy it to all similar machines in the cluster. Unfortunately I’m unable to name the vendor.

You are correct, on the front end NAS we’re connected directly with iSCSI. To connect to the back-end NAS devices we use CIFS.

We were able to put ACL’s on the clustering appliance as well as the gateway firewall strictly controlling CIFS access.

Today I used Microsoft’s Security Configuration Wizard (SCW) to do most of the hardening work. Its great because you get the platform built to a production state first (but keeping it in a protected state) then run SCW and it analyzes the server and detects the services and configurations currently used. Pretty handy for system hardening, plus you can save the generated policy and then deploy it to all similar machines in the cluster.

]]> By: Matt http://mcwresearch.com/archives/356/comment-page-1#comment-405 Matt Tue, 19 Dec 2006 16:22:21 +0000 http://mcwresearch.com/archives/356#comment-405 Redundant NAS? What vendor were you using out of curiosity (if you can state it), and were you exposing it via CIFS or iSCSI (I'm assuming the latter)... Just curious. Redundant NAS? What vendor were you using out of curiosity (if you can state it), and were you exposing it via CIFS or iSCSI (I’m assuming the latter)…

Just curious.

]]> By: Michael http://mcwresearch.com/archives/356/comment-page-1#comment-404 Michael Tue, 19 Dec 2006 01:59:50 +0000 http://mcwresearch.com/archives/356#comment-404 Yeah, reading it now I sound awkward. The project drained me completely by day 3...but at the end of the three days we had a solid solution that incorporated a web-clustering appliance with redundant web servers, redundant NAS data storage devices and a redundant back-end. So it paid off. I just wish I could discuss the technology more specifically. Yeah, reading it now I sound awkward. The project drained me completely by day 3…but at the end of the three days we had a solid solution that incorporated a web-clustering appliance with redundant web servers, redundant NAS data storage devices and a redundant back-end. So it paid off. I just wish I could discuss the technology more specifically.

]]> By: LonerVamp http://mcwresearch.com/archives/356/comment-page-1#comment-403 LonerVamp Mon, 18 Dec 2006 21:07:54 +0000 http://mcwresearch.com/archives/356#comment-403 That was awesome and rather vague. :) That was awesome and rather vague. :)

]]>