Ok! Ok! I have been beaten into submission...resistance is futile.
I originally wanted people to convince me that Solaris on Intel was
a viable option for a compute cluster, and instead I have been
thoroughly convinced that Linux is the way to go.
Most often suggested was Linux (19) (+ Beowulf (7)) (several recommended
Debian specifically), but also recommended were Digital Unix (1),
BSDi (2), SCO UNIXWARE 7.x (1), Solaris (3).
As for the security concerns, many felt it was a toss-up, some thought
that Solaris security is better, and several (including a Sun employee
who shall remain nameless) said that "truth be told" Linux is more
secure out-of-the-box than Solaris. Several commented that if you set up
your cluster right then you only have to secure one or several of the
boxes anyway.
Notables:
1) Hardware support on Intel is far better with Linux; many commented
that Solaris/Intel hardware support was sadly lacking.
"My personal opinion is that I'd rather do security on Linux than deal
with hardware compatibility issues on Solaris x86." -- Ronald Loftin
2) "Solaris x86 NFS is HORRIBLY broken"
3) For the Linux/Beowulf solution see: http://www.beowulf.org/
4) Sun Cluster server does not do load balancing or processor sharing
5) "Has Solaris/Intel a kernel-level firewall, which you can
use to secure the cluster? Is OpenSSH ported to
Solaris/Intel? Do you want to install it on every machine
of the cluster (instead of installing a package for your
preferred Linux distribution with the automated update
mechanism)?" -- Toens Bueker
6) Linux is faster and requires less memory, and supports load balancing
and processor sharing.
7) I thought this reply from Josh Wyatt was worth sharing in its entirety:
If security is your concern, you should go with Linux over Solaris. The
insecure things in the Unix world are NFS and other RPC-based services, and
"forgotten" services left running. Linux's portmapper has built-in
tcp_wrapper support (in fact, tcp_wrappers is installed by default and setup
to secure every entry in inetd.conf). Sun can never seem too get it through
their heads that RPC is terribly insecure.
Another security issue is sun's tooltalk database daemon; it's an RPC
service that has been remote-root-exploitable from day one of its
instantiation, and sun STILL hasn't managed to close that hole (despite 18
or so patches!). Check securityfocus.com for more info on that.
Do the same thing on Linux you would do on Solaris: shutdown any services
you won't use.
Linux probably also has a better clustering solution for distributed
computing (beowulf: http://www.beowulf.org). It was invented at NASA and
is used there as well as the NOAA to predict weather
(http://www.publicaffairs.noaa.gov/releases99/sep99/noaa99061.html).
Beowulf is basically an optimized MPI/PVM/MPP architecture. Check out their
homepage above, it lists dozens of clusters in production.
In regards to Solaris clustering, your performance may go up if you plan on
buying quad-cpu or better x86 clients. Your options there are pretty much
PVM/MPI/MPP for distributed computing. It's not a bad development
environment either since that's what the distributed world has pretty much
standardized on.
Hope this helps, Josh Wyatt
8) A dissenting opinion:
"Sun clustering is more advanced than on Linux. In spite of all the
hooplah about beowulf clusters and the like, you can get actual support
for Sun clustering instead of reading a HOW-TO." -- Duane Gran
9) Articles on security "Armoring Linux" and "Armoring Solaris":
www.enteract.com/~lspitz
10) Patch administration under Linux is much easier than Solaris
Thanks to:
Jeff Zabek
Thomas Wardman
David Evans
Tim Carlson
dana@dtn.com
Don Krause
Toby A. Rider
Walter Reed
Harvey Wamboldt
Kevin M. Korb
Ross Lonstein
Riccardo Veraldi
Toens Bueker
Hendrik Visage
Hannes Visagie
Baurjan Ismagulov
Tim Evans
Robert Alexander
Josh Wyatt
F.M. Taylor
Seth Rothenberg
Ronald Loftin
Duane Gran
Leo Crombach
Kevin Colagio
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
David Foster National Center for Microscopy and Imaging Research
Programmer/Analyst University of California, San Diego
dfoster@ucsd.edu Department of Neuroscience
(858) 534-7968 http://www-ncmir.ucsd.edu/
[All opinions expressed are mine -- duh]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:09 CDT