Last week, Sun Microsystems Inc. announced the debut of its Sun Grid Compute Utility, available at www.network.com....
The world's first grid available for public, commercial use, Sun Grid was created to serve customers big and small needing inexpensive, simple access to large-scale computing resources.
But within hours, Sun Grid was brought to its knees by a distributed denial-of-service (DDOS) attack, necessitating an emergency login procedure change. While grid computing may very well revolutionize enterprise computing, the incident underscores the security risks that could prove quite harrowing for enterprises that rely on grid computing.
On the grid
In a nutshell, a computing grid harnesses the power of thousands of interconnected processors -- and their associated storage -- as a single entity, without the mediation of a network. The resulting grid offers the processing power of a supercomputer for a fraction of the cost.
Grids are nothing new: IBM and Hewlett-Packard Co. already have enterprise-level off-site grids, and the Sun Grid has been available to existing clients since August.
"This provides a terrific way for an organization to test the benefits of grid computing before committing whole-heartedly to a grid approach," suggested Eric Ogren, security analyst with the Milford, Mass.-based Enterprise Strategy Group.
What is new is that vendors and customers alike must now consider grid security as a part of a company's overall security strategy. "With our [grid computing] clients, we spend the most time discussing security," reports David V. Gelardi, IBM's vice president of deep computing. Most grids use a large number of identical processors running identically-configured operating systems, and that uniformity helps grid managers to monitor security issues more easily.
Securing the grid
Naturally, grids are protected from external attacks with the same tools that enterprise networks use, including firewalls, authenticated access, public key cryptography and configuration management. In addition, Sun Grid users must apply for an account and satisfy government requirements.
However, Gelardi said because of the nature of the interaction between a customer and the grid, further security considerations are needed. He said IBM sets up a VPN -- usually hardware-based -- in such a way so that grid processors are moved into the VPN at the start of a session and out at its conclusion. Client-side access to the grid is limited to named users only.
The DDOS attack against Sun Grid "should be very troubling," Gelardi said, citing Sun's lack of experience. However, in Sun's view, the attack illustrated that the system worked just as it should.
Rohit Valia, group product manager for the Sun Grid, said the attack was levied against a sample text-to-speech application that was made available without a login requirement. "When the attack occurred, we took it in stride by moving the application inside where login is required."
Valia noted that applications on the Sun Grid cannot make calls to external machines. In effect, applications run in virtual containers, enforced by both monitoring devices and staff.
Ogren said to control access to sensitive data, grid systems must have authenticated access control, SSL communications, filtering and auditing of sensitive data, and erasure of data after use. Similarly, he said grid hosts must ensure that a previous user or intruder has not left something potentially nasty behind: all code must be wiped out.
Dealing with the grid
Some enterprise security pros may be uncomfortable with using shared resources, but Gelardi believes that psychological barrier can be overcome.
"Business gains absolutely outweigh the security risks," Gelardi said, adding that customers who run a proof-of-concept application often become more comfortable with it.
Ogren said grid computing can be an effective way to speed application time-to-market, affordably test a new computing architecture or reduce costs of an internal grid infrastructure.
"The security risks depend on the intellectual property put into the hosted environment, and those can be managed," he said, adding that ultimately, sophistication in grid security will grow, as will IT's tolerance for the way of the grid.
Edmund X. DeJesus is a freelance writer based in Norwood, Mass.
Dig Deeper on Web Application Security