Not that I am disagreeing or anything, more questioning...but would we say
OpenBSD is better then Nokia Checkpoint Firewalls (disregarding cost
here)...
-----Original Message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On Behalf Of
Joachim Schipper
Sent: 11 June 2009 10:14
To: misc@openbsd.org
Subject: Re: OpenBSD HA
O n Wed, Jun 10, 2009 at 09:13:33AM -0400, Marcos Ortiz Valmaseda wrote:
let
firewall
could
would
OpenBSD is widely used as a (redundant) firewall: pf is developed on
OpenBSD, and software like pfsync makes it easy to build a redundant
firewall. The network stack has been tuned extensively, etc. In short,
OpenBSD is quite possibly the best firewall platform available today,
and is very likely the best *nix firewall platform. And it's certainly
cheaper than Cisco.
As to PostgreSQL: it works just fine on OpenBSD. I'd encourage you to at
least try (benchmark) it to see if OpenBSD can suit your needs. FreeBSD
wlll do fine as a database platform, too; but OpenBSD has a stronger
focus on security, and - as you point out - running a single OS is
easier.
If you decide not to go with OpenBSD, you may wish to consider
OpenSolaris instead of FreeBSD, which will allow you to use ZFS and
DTrace, both of which may be useful in a PostgreSQL deployment. There
are good reasons not to use (Open)Solaris (you may consider it "not
truly free", Oracle may kill it, you may have trouble finding people
with experience, the userland utilities lack polish, etc), but at least
it does offer some useful things in exchange for the headache of running
two different OSes.
OpenBSD is not usually used on "big iron", so if you want to have one
huge(ly expensive) database server, you may wish to go with something
else. Reputedly, Linux and (Open)Solaris both do well here; I honestly
couldn't tell you if FreeBSD is a good choice.
