Quoting Chris Samuel <[EMAIL PROTECTED]>, on Sat 05 Apr 2008 06:46:03 PM PDT:
----- "Jim Lux" <[EMAIL PROTECTED]> wrote:
Quoting Chris Samuel <[EMAIL PROTECTED]>, on Fri 04 Apr 2008 12:47:09 AM PDT:
> Seriously though, my concern is about the impact of the
> essential anti-virus, anti-malware and anti-spyware
> software on each node of the system be ?
Why would you need such a thing? Are you reading email and browsing
the web from you cluster nodes? Do you have users downloading the
latest e-birthday card or nifty *free* game on the nodes. I think
not. They're sitting behind a head node or similar.
Maybe, or maybe they're submitting their compiled executable from
a Windows GUI on their desktop, which just happens to be the same
machine that they use for reading email, Internet Exploder, et. al.
But how many viruses actually corrupt exe's produced by the
development tool chain? The viruses do "bad things" for the user's
machine, but the propagation methods tend not to be things like
"embedded evil code in compiled exes", just because so few people
actually do any development that the growth medium isn't particularly
rich.
And, again, assuming they do have some evil program (either
inadvertently via virus infestation or explicitly, because the user is
a bad guy)... what's the damage? Presumably you have decent file
system protection so that user A can't do bad things (or even see)
user B's files. All that happens is bad guy User A zaps their own
stuff.
I wouldn't put AV software of any kind on the nodes. heck, if you
have a problem, you'd just wipe and reinstall from known good media.
True, but without A/V software you'd need to rely on other methods
to detect that you had a problem (node dies, your IDS system picks
up outbound SMTP, IRC, etc, connections, etc).
Sure.. you let your cluster issue outbound network traffic to the big
wide internet? This is probably harder to actually allow than to
prevent. Most clusters have a "totally inside the cluster" network
that's only implicitly bridged to the outside world through the
headnode. Even in the wide open consumer Windows world, they don't
automatically bridge all the traffic between network interfaces.
> Who could seriously consider running *any* Windows box these
> days without them ?
If you're running quasi-real time software (e.g. Labview) doing
instrument controls?
Hmm, I suppose so, but to be honest it'd scare the daylights out of me. :-)
All a matter of experience...
It's perfectly reasonable to run Windows machines without virus
checkers, etc., if you have a fairly decent software configuration
management process in place.
Academic researchers do seem to have this ability to
accidentally get around these sorts of things, unless
you've removed the floppy, CD/CD and plugged the USB
ports with glue.. :-)
Sure, and those researchers have to live with the consequences if they
screw up the system. But, also, recall the general model we were
discussing.. smallish cluster to support some commercial application
(say, a computationally intensive FEM code). In this scenario, the
cluster is basically sort of a "network attached appliance". There
are lots of network attached storage devices out there (e.g. from
Maxtor) using some form of Windows as the OS. They tend not to have
AV stuff, just because the software on the appliance is fairly tightly
configuration managed (i.e. nobody goes out running random programs on
the NAS box). It's just not a huge threat.
jim
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
