[Gnumed-devel] Approaches to maintain clinical data uptime

[James Busser]

Whatever company provides me server (and related) service support  
will ned to know what I want. They will also make some  
recommendations which I will be happy to share. But I thought it  
could be helpful to pool people's ideas, options or favored  
approaches, I could then stick that up on the wiki.

Beyond maintaining OS (including security) updates along with some  
periodic checking of integrity of the hardware and for security risks  
--- which die-hards doctors might rather do themselves --- what would  
people propose or add as "minimums", "recommended" and "optional" among

- primary server... should have 2 hard drives in a hardware RAID 1  
array, so that if one drive dies, the box stands a chance of running  
uninterrupted (i.e. zero downtime)? This does remain vulnerable to  
the box "dying" at least temporarily whether through failure of the  
power supply or controller, the box getting damaged or stolen etc.

- would people bother to keep a spare drive available to swap out  
when one fails, and/or to arrange for a local merchant to keep one  
stocked

- what about one's router/firewall which could fail...  would people  
want to know they can quickly get another of the same model so they  
can just upload their stored configuration (or if they were planning  
to change routers, to already have in their possession the  
replacement to make sure they are adequately familiar with any quirks)?

- backup server... ought this undergo all of the same hardening as  
the primary server and will it need all of the same system  
maintenance and monitoring (for breaches etc) as the primary server?  
Is there a way to simplify this by making the backup server the  
equivalent of an extra RAID drive? Or is the best that can be done is  
to setup and manage the backup machine as a "whole extra" machine,  
just mirroring the data? Which approach(es) permit --- from within  
GNUmed --- quickly "switching" to read and write from/to the backup  
server in the event that the primary fails?

-  the primary and backup servers ought to be physically separate, to  
secure them against simultaneous physical damage or theft... would  
everybody want the primary to be local, out of a view that to  
colocate it elsewhere will be much slower?  Or would anyone prefer it  
to be offsite for better environmental control, and possibly improved  
security against theft?

Would people run their media archive off their primary or backup  
server? Presumably better configured to be done off the backup server  
but, if it is located elsewhere, the media becomes a pain to manage?