[Beowulf] How Can Microsoft's HPC Server Succeed?

Chris Samuel csamuel at vpac.org
Wed Apr 16 00:02:02 PDT 2008


----- "Jim Lux" <james.p.lux at jpl.nasa.gov> wrote:

> But how many viruses actually corrupt exe's produced by the  
> development tool chain?

Exe infectors are not unknown.

A recent (though fairly tame) example - "W32.Tvido.B!inf is
a virus that infects executable files on all drives on the
compromised computer."

Nobody is immune to these things, the VMAGIC proof of concept
UNIX virus was a COFF executable infector. :-)

> And, again, assuming they do have some evil program (either  
> inadvertently via virus infestation or explicitly, because
> the user is a bad guy)... what's the damage?

The main payloads these days seem to have gone from
destructive through to covert. 

> Sure.. you let your cluster issue outbound network
> traffic to the big wide internet?

Unfortunately we have had to, it has become impossible
to deny our users this these days with requirements to
hit offsite databases & data stores.

We have 676 registered users at the moment, and virtually
all of those are staff at our member universities..

> This is probably harder to actually allow than to  
> prevent.  Most clusters have a "totally inside the
> cluster" network  that's only implicitly bridged to
> the outside world through the headnode.

Yeah, we DNAT outbound through our management nodes.

> Sure, and those researchers have to live with the consequences if they
> screw up the system.  But, also, recall the general model we were  
> discussing.. smallish cluster to support some commercial application 
> (say, a computationally intensive FEM code).  In this scenario, the  
> cluster is basically sort of a "network attached appliance".

Ahh, but that's not what I'm talking about, I'm talking
about academic deployments of general research HPC
clusters where random researchers from that Uni
(or external collaborators) login and run code on it.

A very different threat environment.

cheers,
Chris
-- 
Christopher Samuel - (03) 9925 4751 - Systems Manager
 The Victorian Partnership for Advanced Computing
 P.O. Box 201, Carlton South, VIC 3053, Australia
VPAC is a not-for-profit Registered Research Agency



More information about the Beowulf mailing list