[Beowulf] iptaled
Many of your questions may have already been answered in earlier discussions or in the FAQ. The search results page will indicate current discussions as well as past list serves, articles, and papers.
Joe Landman landman at scalableinformatics.comThu Sep 29 18:20:28 PDT 2005
- Previous message: [Beowulf] iptaled (was: hpl size problems)
- Next message: [Beowulf] iptaled
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Chris Samuel wrote: > On Thu, 29 Sep 2005 11:03 pm, Bogdan Costescu wrote: > >> Isn't then better to just put the whole network behind some >> firewall and forget about protection ? > > In my experience all the clusters I've seen have the compute nodes on private > IP networks behind the head/management nodes. I have seen one university instance where every compute node had a public interface. I never quite understood that, and the person who built it (who is a pretty bright person himself) explained it in terms of "the grid" and the authentication broker/gateways. He was (and is) into the grid bit, but I never saw this as a preferred approach for a production system. Putting each node in your cluster on the public net, significantly increases your security perimeter, increases the amount of monitoring you need to do, and should generally keep you awake at night. Even with IPtables and other tools, you are still more exposed than not. There may be a set of perfectly valid reasons to do this, but in the end you have to balance security (reducing exposure points to a controllable few) versus functionality. -- Joseph Landman, Ph.D Founder and CEO Scalable Informatics LLC, email: landman at scalableinformatics.com web : http://www.scalableinformatics.com phone: +1 734 786 8423 fax : +1 734 786 8452 cell : +1 734 612 4615
- Previous message: [Beowulf] iptaled (was: hpl size problems)
- Next message: [Beowulf] iptaled
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Beowulf mailing list