Thursday, February 8, 2018

SingPass, CorpPass services back online after hours of 'intermittent access'

GovTech says the service outage is "not a cybersecurity-related issue", but caused by a "server fault".

Francis Ong
In the space of 2 weeks, Nets and now Singpass system was disrupted. Where is the minister of information and communication? All these failures and they are still talking smart nation? What a shame!
Didi Dada · 

Smart nation? Just say single point of failure
Didi Dada · 

I am surprised that there's no mirrored server to cut over in such an incident. A server so important in functionality has to have a contingency plan. But wait... everything these days is reactive (another case: heard NTUC going to increase seating capacity after lots of complaints from customers visiting the Pasir Ris Hawker Centre; no prior planning or screwed up planning, you choose LOL)
Ricky Lim · 

How do you know there are no mirrored servers when the primary server is down?
Having redundant server is a norm.
Singpass is a web server - and user access to Singpass is a web access - via DNS for URL / IP address resolution.

If a server is faulty, most likely it will failover to another server with a different IP address.

However, as the DNS record has not aged out and is still pointing to the 1st faulty server, public user access may still be hitting the faulty server - and not directed to the redundant server of the same URL with a different IP address.

This is the most common problem faced when a web server is faulty (Singpass got to confirm indeed if this is the case).

Ricky Lim · 

E.g. nslookup for a web server - that needs Singpass.
It may reveal that the DNS record is an IP address - mapped to the URL.

But as this server with this IP address is faulty - and has not aged out in the DNS record - you will keep hitting the same faulty server - instead of failing over to a redundant functioning server with a different IP address.

Unless you know the IP address of the redundant server, then you can type the IP address of the redundant server and access the redundant functioning server.

E.g. go to DOS prompt.
Type nslookup
record the IP address.
Launch a new web page.
Type in the IP address - and then you can go directly into this web page with this ip address - bypassing the use of DNS server (with the yet to age out dns record).
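The stale-record window the comment above describes can be modelled in a few lines. This is an added example, not part of the original thread or of any SingPass system: the hostname, addresses, TTL values and the `CachingResolver` and `seconds_on_dead_server` names are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample values (documentation address ranges, reserved test name).
PRIMARY, STANDBY = "192.0.2.10", "198.51.100.10"
NAME = "login.example.test"

@dataclass
class ARecord:
    ip: str
    ttl: int  # seconds a resolver may keep serving this answer from cache

class CachingResolver:
    """Toy recursive resolver: asks the zone again only after the TTL expires."""
    def __init__(self, zone):
        self.zone = zone   # authoritative data: name -> ARecord
        self.cache = {}    # name -> (ip, expires_at)

    def resolve(self, name, now):
        cached = self.cache.get(name)
        if cached and now < cached[1]:
            return cached[0]              # record has not aged out yet
        rec = self.zone[name]
        self.cache[name] = (rec.ip, now + rec.ttl)
        return rec.ip

def seconds_on_dead_server(ttl, failover_at, step=10, horizon=7200):
    """How long after DNS is repointed a client keeps getting the old address."""
    zone = {NAME: ARecord(PRIMARY, ttl)}
    resolver = CachingResolver(zone)
    for now in range(0, horizon + 1, step):
        if now == failover_at:
            zone[NAME] = ARecord(STANDBY, ttl)  # operator repoints the name
        ip = resolver.resolve(NAME, now)
        if now >= failover_at and ip == STANDBY:
            return now - failover_at
    return None  # never reached the standby within the horizon

if __name__ == "__main__":
    for ttl in (3600, 300, 60):
        print(ttl, seconds_on_dead_server(ttl, failover_at=610))
```

With a one-hour TTL the cached answer outlives the failover by almost 50 minutes, while a 60-second TTL cuts that to under a minute. Typing the raw IP address into a browser for an HTTPS site normally makes the certificate's hostname check fail, so it is a diagnostic step and not a safe way to log in.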
Jimmy Sum · 

Ricky Lim fail over cluster without virtual IP? Sounds odd?
Ricky Lim · 

Jimmy Sum - yap unless they cluster server via Virtual IP.
But assume there are no local servers to cluster - only secondary DC server? Then cannot cluster across DCs - assume they are not Microsoft servers.

Or assume that all redundant local virtual servers cluster with virtual IP fails because the physical server fails - and need to failover to secondary DC server.

In this case, global dns (3dns) applies.

The key is "assume".
Ricky Lim · 

But in both scenarios - there are mirrored servers - not no mirrored servers.
In scenario 1, there are 2 servers to mirror.

In scenario 2, there are 4 servers to mirror (2 virtual servers to cluster and mirror, 2 physical servers to mirror).
Didi Dada · 

Ricky Lim LOL whatever scenarios you quoted it failed right? As an IT professional you ought to know Murphy’s laws right?
Ricky Lim · 

Didi Dada - So what is your point?
Assuming "money not enough"?

Of course if money is plenty - like carrying briefcase with cash everywhere one goes - everything is possible. Can put many physical servers no matter how to cluster and mirror also no problem.

Got to remember woh - every server you put come with duplicate software licenses for apps, for database, for storage, for backup, for operating systems, for network etc.
And all these licenses are not cheap woh - not only one-time capital cost - but also yearly recurrent cost woh......

Everything also money woh. Unless someone willing to pay more tax ah?
Eng Kiang Tay · 

No, it's still not working... trying to access from JobsBank and it failed
Ricky Lim · 

You try again it is working - except a bit slow to login.
Didi Dada · 
Ricky Lim my point is not what you assumed re $. If $ is what you think can resolve IT issues, go Google ‘worldwide outages’ and see how many global IT companies got into shitty mess unless u think these companies are not rich enough. Anyway you go figure ... enuf said
Ricky Lim · 
Didi Dada - IT project of such scale already cost multiple millions of dollars.
It is possible to build very full redundant system.
It will be another 100% to 200% of the project cost - ie. another multiple million of dollars.

If you have such cash to spare - you can mirror and cluster the server left, right, centre, upside down, inside out, you can even make it do somersault.

The question is, are you willing to pay more taxes?

Now all the power system and signaling system for North South Line and East West line is awarded for redundancy failover to ensure the MRT is more robust and more reliable -- and the $ amount - a whopping $530 million.

Everything also money.

Talk is free, but talk is not cheap you know.
The more you complain, the more tax you got to pay to make system more redundant.
