[Beowulf] How Can Microsoft's HPC Server Succeed?

Jim Lux james.p.lux at jpl.nasa.gov
Sun Apr 6 09:08:34 PDT 2008


Quoting Chris Samuel <csamuel at vpac.org>, on Sat 05 Apr 2008 06:46:03 PM PDT:

>
> ----- "Jim Lux" <james.p.lux at jpl.nasa.gov> wrote:
>
>> Quoting Chris Samuel <csamuel at vpac.org>, on Fri 04 Apr 2008 12:47:09 AM PDT:
>>
>> > Seriously though, my concern is about the impact of the
>> > essential anti-virus, anti-malware and anti-spyware
>> > software on each node of the system be ?
>>
>> Why would you need such a thing?  Are you reading email and browsing
>> the web from you cluster nodes?  Do you have users downloading the
>> latest e-birthday card or nifty *free* game on the nodes.  I think
>> not.  They're sitting behind a head node or similar.
>
> Maybe, or maybe they're submitting their compiled executable from
> a Windows GUI on their desktop, which just happens to be the same
> machine that they use for reading email, Internet Exploder, et. al.


But how many viruses actually corrupt exe's produced by the  
development tool chain?  The viruses do "bad things" for the user's  
machine, but the propagation methods tend not to be things like  
"embedded evil code in compiled exes", just because so few people  
actually do any development that the growth medium isn't particularly  
rich.

And, again, assuming they do have some evil program (either  
inadvertently via virus infestation or explicitly, because the user is  
a bad guy)... what's the damage?  Presumably you have decent file  
system protection so that user A can't do bad things (or even see)  
user B's files.  All that happens is bad guy User A zaps their own  
stuff.



>
>> I wouldn't put AV software of any kind on the nodes.  heck, if you
>> have a problem, you'd just wipe and reinstall from known good media.
>
> True, but without A/V software you'd need to rely on other methods
> to detect that you had a problem (node dies, your IDS system picks
> up outbound SMTP, IRC, etc, connections, etc).


Sure.. you let your cluster issue outbound network traffic to the big  
wide internet?  This is probably harder to actually allow than to  
prevent.  Most clusters have a "totally inside the cluster" network  
that's only implicitly bridged to the outside world through the  
headnode.  Even in the wide open consumer Windows world, they don't  
automatically bridge all the traffic between network interfaces.


>
>> > Who could seriously consider running *any* Windows box these
>> > days without them ?
>>
>> If you're running quasi-real time software (e.g. Labview) doing
>> instrument controls?
>
> Hmm, I suppose so, but to be honest it'd scare the daylights out of me. :-)

All a matter of experience...

>
>> It's perfectly reasonable to run Windows machines without virus
>> checkers, etc., if you have a fairly decent software configuration
>> management process in place.
>
> Academic researchers do seem to have this ability to
> accidentally get around these sorts of things, unless
> you've removed the floppy, CD/CD and plugged the USB
> ports with glue.. :-)


Sure, and those researchers have to live with the consequences if they  
screw up the system.  But, also, recall the general model we were  
discussing.. smallish cluster to support some commercial application  
(say, a computationally intensive FEM code).  In this scenario, the  
cluster is basically sort of a "network attached appliance".  There  
are lots of network attached storage devices out there (e.g. from  
Maxtor) using some form of Windows as the OS.  They tend not to have  
AV stuff, just because the software on the appliance is fairly tightly  
configuration managed (i.e. nobody goes out running random programs on  
the NAS box).  It's just not a huge threat.

jim




More information about the Beowulf mailing list