Hello!
Quoting <rpna...@gmail.com> (13.01.10 08:06):
> This seemed just so wrong to me in so many ways but i was curious if
> there are legitimate reasons why people might do this? Just curious.
I see both approaches. Even the private LAN is the more common solution.
There are applications which needs interaction with some graphical frontend
on the workstation of the user. Other reasons are braindead license servers
which are not NATable. Like the ones used by Catia or LS-DYNA. Management
could be much easier when the administrator is able to contact every device
directly from his workstation.
Of course all of those examples won't need public IPs. A range of campus or
company wide routed private IPs is good enough. Remeber 2010 is the last
year where IANA is able to provide IP space :-)
The private LAN has the big advantage of beeing a "protected zone". Usually
located in a locked datacenter. Exporting NFS or any kind od cluster
filesystem to the whole subnet is much, much easier then using dedicated
exports or netgroups for each node. Several cluster related tools are not
filtering requests and are vulnerable by spoofing attacks. I mainly think of
Ganglia or syslogd which accepts any UDP package sent to them. Opening the
cluster LAN means always an additional effort to keep the system secure.
So both approaches makes sense. It depends on your needs and your existing
environment. And also on your experience in system and network security.
Beat
--
\|/ Beat Rubischon <b...@0x1b.ch>
( 0^0 ) http://www.0x1b.ch/~beat/
oOO--(_)--OOo---------------------------------------------------
Meine Erlebnisse, Gedanken und Traeume: http://www.0x1b.ch/blog/
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
