My colleague and I discuss the advantages and disadvantages of two potential architectural options, and I would like to hear comments on the best options and why.
First, a description of the environment: We have a network segmented vertically into several levels. Level A corresponds to our level of Internet access, with a firewall controlling access limits of level A to the Internet and vice versa. We then have level B, which is separated with a firewall controlling access to level A. Then we have level C, which is separated with a firewall controlling access to level B. Therefore, level C is more reliable than level B, which is more reliable than level A.
In order to reduce the volume of firewall traffic and tighten the firewall rules associated with what can communicate between levels, we decided to set up an Ubuntu mirror at each level, from which machines at this level will be updated (for example, update level B machines from the level B repository, update level C machines from the level C repository, etc.).
Now the options:
Option 1: Create a mirror on level A that mirrors from archive.ubuntu.com, then create a mirror on level B that mirrors the A-level mirror, and then create a mirror on level B that matches the mirror of level B.
Option 2: Create a mirror on level B, which mirrors from archive.ubuntu.com, and then create mirrors on levels A and C, both of which are updated from the B-level mirror.
We have both discussed the pros and cons of these methods, as well as our justifications for both options, but I do not wish to introduce bias. I will not publish our justifications for one or the other of these two options.
Thank you very much.
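The two options can be compared by listing the sync connections each one needs and the firewalls they cross. The sketch below is an added example, not part of the original post; it assumes each mirror pulls from its upstream, that Option 1's third mirror sits on level C, and all names in it are hypothetical.

```python
# Zones in the order the post ranks them: Internet, then levels A, B, C.
ZONES = ["Internet", "A", "B", "C"]

# (mirror zone, upstream zone) pairs per option. Assumptions: mirrors pull
# from upstream, and Option 1's third mirror is on level C.
OPTIONS = {
    "Option 1": [("A", "Internet"), ("B", "A"), ("C", "B")],
    "Option 2": [("B", "Internet"), ("A", "B"), ("C", "B")],
}

def firewalls_crossed(src, dst):
    """Firewalls between two zones, named by the adjacent pair they separate."""
    lo, hi = sorted((ZONES.index(src), ZONES.index(dst)))
    return [f"{ZONES[i]}/{ZONES[i + 1]}" for i in range(lo, hi)]

def required_flows(option):
    """One record per mirror sync: who initiates, toward whom, through what."""
    flows = []
    for mirror, upstream in OPTIONS[option]:
        flows.append({
            "initiator": mirror,
            "target": upstream,
            "firewalls": firewalls_crossed(mirror, upstream),
            # True when a lower level opens a connection into a higher level
            "toward_higher_level": ZONES.index(mirror) < ZONES.index(upstream),
        })
    return flows

def summary(option):
    """Figures useful when comparing the options' firewall rule sets."""
    flows = required_flows(option)
    return {
        "firewall_traversals": sum(len(f["firewalls"]) for f in flows),
        "toward_higher_level": [(f["initiator"], f["target"])
                                for f in flows if f["toward_higher_level"]],
        "internet_facing_zone": next(f["initiator"] for f in flows
                                     if f["target"] == "Internet"),
    }

if __name__ == "__main__":
    for name in OPTIONS:
        print(name, summary(name))
        for f in required_flows(name):
            print("   ", f["initiator"], "->", f["target"], "via", f["firewalls"])
```

Each firewall traversal corresponds to one allow rule for the mirror sync, so the output maps directly onto the rule sets the two designs would need.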