direvus@xxxxxxxxx ("Brendan Jurd") writes:
> On 11/11/06, Brad Nicholson <bnichols@xxxxxxxxxxxxxxx> wrote:
>> On Fri, 2006-11-10 at 15:07 -0500, Tom Lane wrote:
>> > "Brendan Jurd" <direvus@xxxxxxxxx> writes:
>> > > So, my question for the list is: is Slony + log shipping the direction
>> > > I should be investigating, or is there something else out that I ought
>> > > to consider?
>> >
>> > Those are two different methods: you'd use one or the other, not both.
>>
>> Slony has its own log shipping, I think that was what he was referring
>> to.
>
> Indeed I was; sorry if my terminology caused confusion.
>
> The reason I am looking at Slony with log shipping is that it can
> operate across a one-way connection, whereas plain Slony requires
> communication in both directions. A bi-directional connection would
> negate the purpose of having two separate databases, which is to
> protect the internal database (and the internal network as a whole)
> from a compromised external system.
>
> If we were willing to have a bi-directional connection, I don't see
> any further disadvantage in allowing the external application(s) to
> connect straight into our internal postgres database over the IPsec
> tunnel, and ignoring the replication issue entirely.
Let me point out one possible downside to using Slony-I log shipping;
it may not be an issue for you, but it's worth observing...
Log shipping works via serializing the subscription work done on a
subscriber to files. Thus, you MUST have at least one subscriber in
order to have log shipping work. If that's a problem, that's a
problem...
--
(format nil "~S@~S" "cbbrowne" "acm.org")
http://linuxfinances.info/info/oses.html
Microsoft Outlook: Deploying Viruses Has Never Been This Easy!
