[Beowulf] How Can Microsoft's HPC Server Succeed?
james.p.lux at jpl.nasa.gov
Sun Apr 6 09:08:34 PDT 2008
Quoting Chris Samuel <csamuel at vpac.org>, on Sat 05 Apr 2008 06:46:03 PM PDT:
> ----- "Jim Lux" <james.p.lux at jpl.nasa.gov> wrote:
>> Quoting Chris Samuel <csamuel at vpac.org>, on Fri 04 Apr 2008 12:47:09 AM PDT:
>> > Seriously though, my concern is about the impact of the
>> > essential anti-virus, anti-malware and anti-spyware
>> > software on each node of the system be ?
>> Why would you need such a thing? Are you reading email and browsing
>> the web from you cluster nodes? Do you have users downloading the
>> latest e-birthday card or nifty *free* game on the nodes. I think
>> not. They're sitting behind a head node or similar.
> Maybe, or maybe they're submitting their compiled executable from
> a Windows GUI on their desktop, which just happens to be the same
> machine that they use for reading email, Internet Exploder, et. al.
But how many viruses actually corrupt exe's produced by the
development tool chain? The viruses do "bad things" for the user's
machine, but the propagation methods tend not to be things like
"embedded evil code in compiled exes", just because so few people
actually do any development that the growth medium isn't particularly
And, again, assuming they do have some evil program (either
inadvertently via virus infestation or explicitly, because the user is
a bad guy)... what's the damage? Presumably you have decent file
system protection so that user A can't do bad things (or even see)
user B's files. All that happens is bad guy User A zaps their own
>> I wouldn't put AV software of any kind on the nodes. heck, if you
>> have a problem, you'd just wipe and reinstall from known good media.
> True, but without A/V software you'd need to rely on other methods
> to detect that you had a problem (node dies, your IDS system picks
> up outbound SMTP, IRC, etc, connections, etc).
Sure.. you let your cluster issue outbound network traffic to the big
wide internet? This is probably harder to actually allow than to
prevent. Most clusters have a "totally inside the cluster" network
that's only implicitly bridged to the outside world through the
headnode. Even in the wide open consumer Windows world, they don't
automatically bridge all the traffic between network interfaces.
>> > Who could seriously consider running *any* Windows box these
>> > days without them ?
>> If you're running quasi-real time software (e.g. Labview) doing
>> instrument controls?
> Hmm, I suppose so, but to be honest it'd scare the daylights out of me. :-)
All a matter of experience...
>> It's perfectly reasonable to run Windows machines without virus
>> checkers, etc., if you have a fairly decent software configuration
>> management process in place.
> Academic researchers do seem to have this ability to
> accidentally get around these sorts of things, unless
> you've removed the floppy, CD/CD and plugged the USB
> ports with glue.. :-)
Sure, and those researchers have to live with the consequences if they
screw up the system. But, also, recall the general model we were
discussing.. smallish cluster to support some commercial application
(say, a computationally intensive FEM code). In this scenario, the
cluster is basically sort of a "network attached appliance". There
are lots of network attached storage devices out there (e.g. from
Maxtor) using some form of Windows as the OS. They tend not to have
AV stuff, just because the software on the appliance is fairly tightly
configuration managed (i.e. nobody goes out running random programs on
the NAS box). It's just not a huge threat.
More information about the Beowulf