SRB Gridbrick Administration
Geoffrey Avila
SDSC IT Systems
avlg@sdsc.edu

Some History…
5+ years of experiments with affordable storage
Parallels our Linux experience
…gradually, technology matures.

Maintenance
A managed system is a secure system
  Security means behavior is predictable
  Guards against deliberate and accidental data loss
Management is easier when centralized.
  We have hundreds of machines, dozens of platforms
Need to Know:
  Who has access?
  Which patches are installed?
  What services are running?
  Where are my files?

Maintenance (cont.)
For most of our systems, we…
  Try to use NFS to keep what data needs to be local to a minimum;
  And use cfengine to maintain the state of local disks.
SRB Gridbricks becoming a special case
  The local data is -all- we care about.
  NFS adds extra network dependencies.
  Downtime has to be kept to a minimum.

Maintenance (cont.)
Patching
  Sometimes there are local or even remote kernel exploits.
  Do you take your downtime now, or hold your breath and wait?

Maintenance (cont.)
Try to limit the avenues for attack.
  Don’t install what isn’t necessary.
  Our Gridbricks really only need to have SRB listening on an outside port.
  A package not installed is a vulnerability avoided.
  Ditto for device drivers and unnecessary reboots.
Who needs access to the system?
  Do you have an SRB user with a separate password?
  How is that protected?
  What about physical access?
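
One way to check the "only SRB listening on an outside port" rule, as an added example that is not from the original slides: parse `ss -ltn` output and report every TCP listener that is reachable from outside and not on an allowlist. The port number 5544 and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the port this site's SRB server listens on; adjust to local config.
ALLOWED_EXTERNAL_PORTS = {5544}

# Constructed sample of `ss -ltn` output (not captured from a real Gridbrick).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128        127.0.0.1:631       0.0.0.0:*
LISTEN 0      5               [::]:5544         [::]:*
LISTEN 0      100            [::1]:25           [::]:*
LISTEN 0      64                 *:2049            *:*
"""


def is_loopback(addr):
    """True if the listener is bound to a loopback address only."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    if addr == "*":
        return False  # wildcard bind: reachable on every interface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed so it gets reviewed


def unexpected_listeners(ss_output, allowed=ALLOWED_EXTERNAL_PORTS):
    """Return sorted (address, port) pairs exposed externally and not allowed."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        if is_loopback(addr) or int(port) in allowed:
            continue
        findings.add((addr, int(port)))
    return sorted(findings)


if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener: {addr}:{port}")
```

Run from cfengine or cron against live `ss -ltn` output, a non-empty result means something other than SRB is exposed on the brick.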

Other Issues
How do you back up a Gridbrick?
  Do you like tape?
  Sometimes only SRB can (or should) be used to back up SRB.
Filesystems
  We are using ext3 with sparse superblocks.
  It’s what comes with Linux.
  Yes, there are others, but…
  Performance really a function of hardware.
  …unless you want to talk about data integrity.
  Watch your hardware carefully!

What’s Next?
We had good luck with software RAID
And also with network block devices.
  iSCSI, FreeBSD geom_gate &c.
Management tools for a farm of such devices aren’t there yet…
We’ll keep looking.