
Fastest secure machine-machine network configuration


Question

We currently host a large number of our application servers in a 3rd party data centre. Connectivity is then provided to our users across Europe through the vendor’s network. These machines run Solaris 10 on x86 hardware. We have access to the user accounts for our applications but have no administrative access.

A new client application we are developing is highly latency sensitive; saving 1ms would be considered a big win. To this end we intend to host it in the same data centre as close as possible to the other servers. This machine will be running some variant of Windows Server and be administered remotely by one of our teams.

The data centre has stated that this must be on its own private network and a firewall must sit between this network and their wider network. This makes sense in terms of general access, administration and so forth as they must protect their own network.

For this single application though, would it be possible to have a direct connection between our two machines? I imagine a dedicated network interface on each machine and a direct cable between the two. The Solaris machine (on their network) can be configured to only allow access on the port required by our client application on the Windows machine (on our network). Seeing as we have no way to change the networking configuration on the Solaris machine then there should be no security risk to them?

Answer

If it’s in the same DC, then yes, add separate NICs to the machines then run a crossover cable (or the equivalent) between them. You probably want to go with 10 GbE using SFP+ Direct Attach connections.

Make sure your NIC/drivers do as much offloading as possible, and do it under your OS. You’ll probably want to tune the OS as well, to have rules that let the data through your firewalls quickly, and so on. If you REALLY need every ounce and are willing to spend a lot of time to achieve it, you can look into writing custom low-level protocols, bypassing the higher levels of the network stack on your OS, and so on. If you google, you’ll find talks about stock exchanges doing this sort of stuff, as latency is their biggest enemy.
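A direct cable gives the Solaris host a path to the Windows server that does not cross the data centre's firewall, so it is worth checking which services the Windows server listens on over that interface. The following is an added example, not part of the original question or answer; the addresses, port 9000 and the `netstat -an` sample are constructed assumptions.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from the original post).
# Assumed: 192.168.250.2 is the Windows NIC on the direct cable, 9000 the app port.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.20.30.5:3389        0.0.0.0:0              LISTENING
  TCP    192.168.250.2:139      0.0.0.0:0              LISTENING
  TCP    192.168.250.2:9000     0.0.0.0:0              LISTENING
  TCP    192.168.250.2:9000     192.168.250.1:40112    ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""

def exposed_on_link(netstat_text, link_ip, allowed_ports):
    """Return sorted (bind_address, port) pairs for TCP listeners that are
    bound to link_ip (directly or via a wildcard) on a port outside
    allowed_ports. Reports bindings only; a host firewall may still block them."""
    link = ipaddress.ip_address(link_ip)
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Keep only "TCP <local> <foreign> LISTENING" rows; skip headers and UDP.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        # Strip IPv6 brackets and any %zone suffix before parsing.
        addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
        # A wildcard bind covers every interface of the same address family.
        covers = addr == link or (addr.is_unspecified and addr.version == link.version)
        if covers and int(port) not in allowed_ports:
            findings.add((str(addr), int(port)))
    return sorted(findings)

if __name__ == "__main__":
    for addr, port in exposed_on_link(SAMPLE_NETSTAT, "192.168.250.2", {9000}):
        print(f"listener {addr}:{port} is reachable over the direct link")
```

Any listener it reports should either be rebound to another interface or blocked by a host firewall rule scoped to the direct-link interface.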

