Is 1 Hour Downtime Required For Installing Firewall?

Is 1 hour network reconfiguration downtime unavoidable with every Hosting Provider?


Today I got explanation from RackSpace why they needed to bring my server down for an hour when they install Hardware firewall (see below).


Could you comment if it's really necessary have 1 hour downtime in that case?

Here's how I see appropriate maintenance:
- Install and plug Firewall's power and external network cable without touching production server (no downtime yet).
- Connect test machine behind firewall and test if firewall works properly (no downtime yet).
- Switch network cable so it connects Production server to Hardware Firewall (20 seconds downtime).

Why couldn't the maintenance be done that way?



Anyway, here's response from RackSpace:
=======
I have answered questions 1-3 below and will be passing this ticket over to our network technicians in order to get questions 4-6 answered for you.

1) Why installing hardware firewall brought my server down by almost an hour? When working this type of maintenance to add firewall:

1. Mark ticket In Progress
2. Grab parts for maintenance
3. Put Public comment in ticket we are starting maintenance.
4. Log into server(at console or remotely).
5. Verify if other users are logged in.
5a. If users are logged in, we send them a message stating server is shutting down in X minutes.
5b. If no users are logged in, go to next step.
6. Shut server down.
7. Open the server.
8. Remove back plate from an open PCI slot.
9. Install PIX 501 card into PCI slot.
10. Screw PIX 501 power supply card in place.
11. Find open Powersupply connection and connect it to back of PIX 501 power card, since this will provide power for firewall.
12. Put side panel back on whitebox.
13. Install the firewall below the rack. We have to mount it to the rack the whitebox sits on. These are racked underneath the rack for each whitebox server. We use zip ties to hold it to the rack in place.
14. Put server back on rack.
15. Plug in power and network connections.
16. Connect console to server and verify server boots up fine.
17. Log in at console and verify it can ping NAT Gateway IP(192.168.100.1)
18. Verify if server can pint out to google or some other site

19. If we are unable to ping out or ping gateway IP, we will have to double check network connections and work with NetSec to resolve issues. This could be port speed issue since the PIX 501 firewalls require the port speed to be at 10Mb.

20. If server is pinging out fine, DCOPS will come back into DCOPS room and verify we can get to server remotely.
21. If server is not remotely accessible, we will have to go back to console and see if they are running any firewall software that is preventing access or if port RDP is using is changed.
21. Change status of server to online complete.
22. Send Public comment stating server is back online.
23. Close ticket.
24. Route Contract Received ticket for firewall over to Network Security to have them online firewall.

Downtime was necessary to install PIX 501 power card since the firewall gets power through this card.

2) How 1 hour downtime goes together with "Zero downtime" RackSpace slogan? Zero downtime means that your network will be up 100% of the time. However when upgrading your configuration (adding a firewall) there needs to be a certain amount of downtime in order to add this firewall to your configuration. Whenever a hardware upgrade is made there will be hardware downtime involved. The amount of time will vary depending on the hardware upgrade.

3) Why the length of downtime was communicated to me only at the beginning of downtime, and not some time prior to that? As we spoke about over the phone today I apologized for XXX not conveying the amount of downtime you will have during this maintenance. I have already spoken with him about this and moving forward if there are any maintenances that need to take place on your account your new Account Manager YYY and XXX will make sure and go into exact detail about the amount of downtime you should expect. Consider this mis-communication taken care of from now on.
=======


Is it really necessary to shut down production server just to plug Hardware Firewall power?