[Lustre-discuss] lustre and latest errata kernel
Brian J. Murrell
Brian.Murrell at Sun.COM
Tue Aug 5 10:49:05 PDT 2008
On Tue, 2008-08-05 at 20:30 +0300, Dimitris Zilaskos wrote:
>
> Since the systems serving as file servers will be dedicated to that
> purpose and thus not be accessible to others but only to staff, it is my
> view that it would be adequate to run Sun provided kernels on them.
Indeed. That is how most of our installations run and thus only remote
exploits are of the very critical nature.
> For systems that act as clients and are open to users, I am evaluating the
> patchless lustre client option under our workloads. If the performance
> difference is acceptable, we may stick with it. Do you, or any other, have
> any comment on this approach?
Indeed, we highly recommend patchless clients, especially in cases where
you need to remain absolutely current with errata kernels. In fact it
would not be surprising if the need for security took precedence over
any measurable performance impact patchless clients may have. Afterall,
a performance problem at the client side can usually be remedied by
adding more clients. There's no such remedy for security issues.
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.lustre.org/pipermail/lustre-discuss-lustre.org/attachments/20080805/e366a638/attachment.pgp>
More information about the lustre-discuss
mailing list