Grid computing and security uncertainties

By Edmund X. DeJesus, Contributor 04 Apr 2006 | SearchSecurity.com

IT infrastructure news Digg This!     StumbleUpon     Del.icio.us

Last week, Sun Microsystems Inc. announced the debut of its Sun Grid Compute Utility, available at www.network.com. The world's first grid available for public, commercial use, Sun Grid was created to serve customers big and small needing inexpensive, simple access to large-scale computing resources.

For more information: Learning Guide: Grid computing A grid glossary: Top 30 terms

But within hours, Sun Grid was brought to its knees by a distributed denial-of-service (DDOS) attack, necessitating an emergency login procedure change. While grid computing may very well revolutionize enterprise computing, the incident underscores the security risks that could prove quite harrowing for enterprises that rely on grid computing.

What us grid computing?

In a nutshell, a computing grid harnesses the power of thousands of interconnected processors -- and their associated storage -- as a single entity, without the mediation of a network. The resulting grid offers the processing power of a supercomputer for a fraction of the cost.

Grid computing is nothing new: IBM and Hewlett-Packard Co. already have enterprise-level off-site grids, and the Sun Grid has been available to existing clients since August.

"This provides a terrific way for an organization to test the benefits of grid computing before committing whole-heartedly to a grid approach," suggested Eric Ogren, security analyst with the Milford, Mass.-based Enterprise Strategy Group.

What is new is that vendors and customers alike must now consider grid security as a part of a company's overall security strategy. "With our [grid computing] clients, we spend the most time discussing security," reports David V. Gelardi, IBM's vice president of deep computing. Most grids use a large number of identical processors running identically-configured operating systems, and that uniformity helps grid managers to monitor security issues more easily.

Securing the grid

Naturally, grids are protected from external attacks with the same tools that enterprise networks use, including firewalls, authenticated access, public key cryptography and configuration management. In addition, Sun Grid users must apply for an account and satisfy government requirements.

However, Gelardi said because of the nature of the interaction between a customer and the grid, further security considerations are needed. He said IBM sets up a VPN -- usually hardware-based -- in such a way so that grid processors are moved into the VPN at the start of a session and out at its conclusion. Client-side access to the grid is limited to named users only.

The DDOS attack against Sun Grid "should be very troubling," Gelardi said, citing Sun's lack of experience. However, in Sun's view, the attack illustrated that the system worked just as it should.

Rohit Valia, group product manager for the Sun Grid, said the attack was levied against a sample text-to-speech application that was made available without a login requirement. "When the attack occurred, we took it in stride by moving the application inside where login is required."

Valia noted that applications on the Sun Grid cannot make calls to external machines. In effect, applications run in virtual containers, enforced by both monitoring devices and staff.

Ogren said to control access to sensitive data, grid systems must have authenticated access control, SSL communications, filtering and auditing of sensitive data, and erasure of data after use. Similarly, he said grid hosts must ensure that a previous user or intruder has not left something potentially nasty behind: all code must be wiped out.

Managing grid architectures

Some enterprise security pros may be uncomfortable with using shared resources, but Gelardi believes that psychological barrier can be overcome.

"Business gains absolutely outweigh the security risks," Gelardi said, adding that customers who run a proof-of-concept application often become more comfortable with it.

Ogren said grid computing can be an effective way to speed application time-to-market, affordably test a new computing architecture or reduce costs of an internal grid infrastructure.

"The security risks depend on the intellectual property put into the hosted environment, and those can be managed," he said, adding that ultimately, sophistication in grid security will grow, as will IT's tolerance for the way of the grid.

This article originally appeared on SearchSecurity.com. Let us know what you think about the story; e-mail: Matt Stansberry, Site Editor.

Tags: Cloud Computing, grid and utility computing,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Cloud Computing, grid and utility computing Five fallacies of cloud computing The hidden costs of scale-out supercomputing Liquid Web opens 'cloud'-enabling data center Application performance monitoring firm targets cloud computing Novell SLES Mono Extension could put Windows on mainframe, in cloud How mainframes fit into cloud computing Sun launches HPC products as Oracle takeover nears Group works toward energy-efficient high-performance computing IT pros ponder Cisco's Unified Computing System Don't buy cloud computing hype: Business model will evaporate

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Blue Gene  (SearchDataCenter.com) cluster computing  (SearchDataCenter.com) computer-intensive  (SearchDataCenter.com) grid computing  (SearchDataCenter.com) IBM Roadrunner  (SearchDataCenter.com) Linpack benchmark  (SearchDataCenter.com) on-demand computing  (SearchDataCenter.com) SMP  (SearchDataCenter.com) unified computing system (UCS)  (SearchDataCenter.com) utility computing  (SearchDataCenter.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary