1 / 8

SRB Gridbrick Administration

Geoffrey Avila SDSC IT Systems avlg@sdsc.edu. SRB Gridbrick Administration. 5+ years of experiments with affordable storage Parallels our Linux experience …gradually, technology matures. Some History…. A managed system is a secure system Security means behavior is predictable

veta
Télécharger la présentation

SRB Gridbrick Administration

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Geoffrey Avila SDSC IT Systems avlg@sdsc.edu SRB Gridbrick Administration

  2. 5+ years of experiments with affordable storage Parallels our Linux experience …gradually, technology matures. Some History…

  3. A managed system is a secure system Security means behavior is predictable Guards against deliberate and accidental data loss Management is easier when centralized. We have hundreds of machines, dozens of platforms Need to Know: Who has access? Which patches are installed? What services are running? Where are my files? Maintenance

  4. Maintenance (cont.)For most of our systems, We… Try to use NFS to keep what data needs to be local to a minimum; And use cfengine to maintain the state of local disks. SRB Gridbricks becoming a special case The local data is -all- we care about. NFS adds extra network dependencies. Downtime has to be kept to a minimum. Patching Sometimes there are local or even remote kernel exploits. Do you take your downtime now, or hold your breath and wait? Maintenance (cont.)

  5. Try to limit the avenues for attack. Don’t install what isn’t necessary. Our Gridbricks really only need to have SRB listening on an outside port. A package not installed is a vulnerability avoided. Ditto for device drivers and unnecessary reboots. Who needs access to the system? Do you have an SRB user with a separate password? How is that protected? What about physical access? Maintenance (cont.)

  6. How do you backup a Gridbrick? Do you like tape? Sometimes only SRB can (or should) be used to backup SRB. Filesystems We are using ext3 with sparse superblocks. It’s what comes with Linux. Yes, there are others, but… Performance really a function of hardware. …unless you want to talk about data integrity. Watch your hardware carefully! Other Issues

  7. We had good luck with software RAID And also with network block devices. iSCSI, FreeBSD geom_gate &c. Management tools for a farm of such devices aren’t there yet… We’ll keep looking. What’s Next?

  8. Any Questions?

More Related