Infrastructure Architecture Essentials, Part 7: High-Performance Computing


Infrastructure architecture essentials, Part 7: High-performance computing off the shelf
Concepts and techniques

http://www.ibm.com/developerworks/library/ar-infraarch7/

Sam Siewert, Principal Software Architect/Adjunct Professor, University of Colorado

Summary: The year 2008 will forever be remembered as the year of the off-the-shelf (OTS) supercomputer, thanks to the Los Alamos National Labs (LANL) and IBM team that constructed the world's first machine to break the peta-FLOP (1,000,000,000,000,000 floating-point operations per second) barrier. Get an overview of OTS strategies to architect high-performance computing (HPC) systems as well as the methods and concepts behind building HPC systems from OTS components and open source software.

Date: 09 Dec 2008
Level: Intermediate

Continuing the Infrastructure architecture essentials series, this article provides an overview of methods for building HPC systems with OTS components and open source software. It examines architectures that employ clusters and hybrid nodes composed of traditional multi-core symmetrical multiprocessing (SMP)/non-uniform memory access (NUMA) architectures integrated with single-instruction multiple data (SIMD) Cell-based or graphics processing unit (GPU)-based offloading. Methods for implementing Cell-based and GPU-based offloads are not reviewed here in detail, but you can find numerous excellent references on the topic of Cell-based algorithm acceleration (see Resources) as well as significant help with GPU offload provided by the NVIDIA Compute Unified Device Architecture (CUDA) environment (see Resources).
Open source code that provides assistance with HPC cluster and hybrid offload applications is prevalent, and the skills and competencies necessary for such architectures are reviewed here to help you get started.

Advances in OTS processor complexes

Numerous individual architecture advances made by IBM and IBM partners have made OTS HPC a reality. The best proof was provided when the Roadrunner system broke the petaflop (1x10^15 floating-point operations) barrier using OTS IBM® BladeCenter® server boards this past summer (see Resources). The Roadrunner system employs two BladeCenter QS22 blades with IBM PowerXCell™ 8i processors and an LS21 AMD Opteron processor in a tri-blade configuration. The Roadrunner system currently is first on the Supercomputing TOP500 list (see Resources).

Here's a quick review of the emerging OTS technologies that are making OTS HPC possible:

Virtualization software. The emergence of software that makes one resource look like many and many resources look like one, first demonstrated by IBM with the original mainframe virtual machine (VM), is fundamental to authoring scalable applications that can exploit large clusters of OTS processing, memory, input/output (I/O) and storage resources.

Multi-core processors. Since the peak of uniprocessor clock rates just below 4GHz, AMD and Intel have both developed a wide offering of SMP and NUMA architectures for OTS mainboards and have interesting new multi-core architectures coming out with the AMD Shanghai and Intel® Nehalem processor complexes. Multi-core processor complexes have become typical for all of general purpose computing (GPC) and have helped to motivate HPC OTS solutions built from scalable clusters of OTS compute nodes along with software libraries to exploit multiple instruction, multiple data (MIMD) architectures.

Scalable I/O hubs. The IBM xSeries® system includes both traditional SMP memory controller hub interfaces to the PCI-E bus, memory, and processor cores as well as NUMA scaling with options like the IBM System x 3950. Many new chip sets will employ protocols such as Intel's Quick Path Interface (QPI) and AMD's Hypertransport (HTX) for scaling with NUMA in 2009. The x3950 provides NUMA scaling of up to four systems and a total of 28 PCI-E x8 I/O expansion slots (seven interfaces per x3950 system).

Scalable memory interfaces. As memory is scaled, many systems are employing protocols such as DDR3, increasing transfer rates up to 12800 MB/sec per memory bank, with the capability to easily scale to 256GB of memory per processing node with OTS memory technology.

Manycore SIMD offload engines. The Cell Broadband Engine™ (Cell/B.E.™) and PowerXCell 8i processors as well as GP-GPUs from NVIDIA and AMD/ATI provide tens to hundreds of offload cores for SIMD acceleration of applications.

IBM xSeries Cluster 1350. IBM supported clustering of xSeries rackmount or BladeCenter MIMD clusters.

IBM pSeries® Cluster 1600. IBM supported clustering of pSeries IBM POWER™ architecture clusters.

BladeCenter. A highly integrated vertical server integration with a mid-plane and IBM BladeCenter Open Fabric I/O for a variety of IBM POWER6, AMD Opteron, Intel Xeon®, and Cell processing boards.

Skills and competencies: Offloading and SIMD instruction set extensions

HPC OTS clusters can now leverage SIMD instruction sets as well as Cell and GP-GPU SIMD many-core processors like the NVIDIA Tesla. Here's a quick overview of options:

Cell processor offload. The Cell design, originally developed for digital media with the Cell/B.E., has found its way into IBM Blue Gene®/L, now with the PowerXCell 8i processor in OTS solutions like the BladeCenter QS22 used for Roadrunner as well as OTS offload PCI-E cards like Fixstars GigaAccel 180 (see Resources).

GPU offload.
NVIDIA CUDA for the Tesla GP-GPU and GeForce/Quadro GPUs, along with the AMD/ATI Stream Computing software development kit (SDK), are programming environments for writing SIMD kernels for offload in hybrid architectures; they provide methods for developing and debugging HPC applications employing OTS components like GP-GPUs. (See Resources for more information on CUDA/Tesla and Stream Computing/AMD-FireStream.)

SIMD instruction set extension. Although GP-GPUs are helping to bring hundreds of cores to HPC OTS for offloading mathematically intensive kernels, Intel (with SSE 4.x) and AMD are likewise adding SIMD instruction set extensions to traditional processors. Both the Nehalem and Shanghai processor complexes will bring additional SIMD instructions to the market in 2009 (see Resources for Intel Performance Primitives).

Tools and techniques: Multi-core programming

In this section, you get a quick look at programming methods and the value of threading for multi-core processors as well as offloads for many-core Cell and GP-GPU hybrid architectures. Programming Cell/B.E. and PowerXCell 8i OTS offload engines has been made much easier by the programming environments that IBM makes available. The best way to get started with Cell programming is to install Linux® on a Sony Playstation 3 (PS3) and write some code to accelerate threaded code with Synergistic Processing Element (SPE) offload. The article, "SoC drawer—The Cell Broadband Engine chip: High-speed offload for the masses," provides an example to help get you going at home. Programming GP-GPUs by comparison can be tricky; however, the newer NVIDIA Tesla GP-GPUs and the CUDA programming environment have made GP-GPU SIMD programming far easier than it was a year or two ago.
Both offload methods provide an excellent way to accelerate compute/math kernels in larger-scale OTS HPC cluster applications. Spending time with both is recommended to determine how well your applications of interest can be accelerated using Cell or GP-GPU offload.

The redundant array of independent disks (RAID)-5 example code (see Download) provided with this article gives a simple demonstration of how threading can significantly speed up arithmetic logic unit (ALU) processing using the multi-core Intel Core™ 2 Duo processor I happen to have on my laptop. Running this code single threaded, once it's cached, you see about 430,000 RAID-5 operations per second. By comparison, the threaded version, running 16 threads on the Core 2 Duo processor, shows a significant improvement, with about 980,000 RAID-5 operations per second.

The following session on my laptop shows the power of threading. Listing 1 first shows the singly threaded RAID-5 run for the example code provided for download with this article; Listing 2 then shows the speed-up that threading on an OTS dual-core processor provides.

Listing 1. Singly threaded RAID-5 computations on a dual-core system

    Sam Siewert@sam-laptop /cygdrive/c/Publishing/HPC-OTS/developerworks/hpcots/raid
    $ ./testraid5

    Test Done in 315000 microsecs for 100000 iterations
    317460.317460 RAID-5 OPS computed per second
    WITH PRECHECK ON
    WITH MODIFY ON
    WITH REBUILD ON
    WITH VERIFY ON

    Test Done in 231000 microsecs for 100000 iterations
    432900.432900 RAID-5 OPS computed per second
    WITH PRECHECK ON
    WITH MODIFY ON
    WITH REBUILD ON
    WITH VERIFY ON

Now, the same RAID-5 block-level data verification (PRECHECK), XOR encoding of a parity block (MODIFY), and restoration of a lost block in the parity set (REBUILD), followed by data verification again, is repeated using 16 threads to process 16 blocks concurrently on my dual-core laptop, doubling performance.

Listing 2. The threaded version
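
The four operations named in the listings (PRECHECK, MODIFY, REBUILD, VERIFY) can be shown on a single stripe. The C code below is an added example, not the article's downloadable RAID-5 code and not its Listing 2; the 4+1 stripe geometry, 512-byte block size, function names and sample data are assumptions. It is single-threaded and also shows a limit worth keeping in mind: XOR parity recovers a known-lost block but is not a tamper check.

```c
#include <stdint.h>
#include <string.h>

#define DATA_BLOCKS 4           /* assumed geometry: 4 data blocks + 1 parity */
#define BLOCK_SIZE 512          /* assumed block size in bytes */
#define PARITY_IDX DATA_BLOCKS  /* index used to name the parity block */

typedef struct {
    uint8_t data[DATA_BLOCKS][BLOCK_SIZE];
    uint8_t parity[BLOCK_SIZE];
} stripe_t;

/* Full-stripe encode: parity = D0 ^ D1 ^ ... ^ D(n-1). */
void raid5_encode(stripe_t *s) {
    memset(s->parity, 0, BLOCK_SIZE);
    for (int d = 0; d < DATA_BLOCKS; d++)
        for (size_t i = 0; i < BLOCK_SIZE; i++)
            s->parity[i] ^= s->data[d][i];
}

/* PRECHECK / VERIFY: a consistent stripe XORs to zero at every offset. */
int raid5_verify(const stripe_t *s) {
    uint8_t diff = 0;
    for (size_t i = 0; i < BLOCK_SIZE; i++) {
        uint8_t x = s->parity[i];
        for (int d = 0; d < DATA_BLOCKS; d++)
            x ^= s->data[d][i];
        diff |= x;  /* any non-zero byte marks the stripe inconsistent */
    }
    return diff == 0;
}

/* MODIFY: read-modify-write of one data block; parity ^= old ^ new. */
int raid5_modify(stripe_t *s, int idx, const uint8_t *new_block) {
    if (idx < 0 || idx >= DATA_BLOCKS) return -1;
    for (size_t i = 0; i < BLOCK_SIZE; i++) {
        s->parity[i] ^= s->data[idx][i] ^ new_block[i];
        s->data[idx][i] = new_block[i];
    }
    return 0;
}

/* REBUILD: recompute one known-lost block (data or parity) from survivors. */
int raid5_rebuild(stripe_t *s, int lost) {
    if (lost < 0 || lost > PARITY_IDX) return -1;
    uint8_t *target = (lost == PARITY_IDX) ? s->parity : s->data[lost];
    memset(target, 0, BLOCK_SIZE);
    for (int d = 0; d < DATA_BLOCKS; d++) {
        if (d == lost) continue;
        for (size_t i = 0; i < BLOCK_SIZE; i++)
            target[i] ^= s->data[d][i];
    }
    if (lost != PARITY_IDX)  /* a lost data block also needs the parity */
        for (size_t i = 0; i < BLOCK_SIZE; i++)
            target[i] ^= s->parity[i];
    return 0;
}

/* Constructed sample data: a deterministic byte pattern per block. */
static void fill_sample(stripe_t *s) {
    for (int d = 0; d < DATA_BLOCKS; d++)
        for (size_t i = 0; i < BLOCK_SIZE; i++)
            s->data[d][i] = (uint8_t)(d * 31 + i * 7 + 1);
}

/* PRECHECK -> MODIFY -> REBUILD -> VERIFY on one stripe; returns 1 if all pass. */
int demo_cycle(void) {
    stripe_t s;
    uint8_t new_block[BLOCK_SIZE], saved[BLOCK_SIZE];
    fill_sample(&s);
    raid5_encode(&s);
    if (!raid5_verify(&s)) return 0;                    /* PRECHECK */
    memset(new_block, 0xA5, BLOCK_SIZE);
    if (raid5_modify(&s, 2, new_block) != 0) return 0;  /* MODIFY */
    memcpy(saved, s.data[1], BLOCK_SIZE);
    memset(s.data[1], 0, BLOCK_SIZE);                   /* simulate a lost block */
    if (raid5_verify(&s)) return 0;                     /* the loss must be flagged */
    raid5_rebuild(&s, 1);                               /* REBUILD */
    return raid5_verify(&s) && memcmp(saved, s.data[1], BLOCK_SIZE) == 0;
}

/* Caveat: the same change applied to two blocks cancels out in the XOR,
 * so parity alone does not detect it; returns 1 when VERIFY still passes. */
int paired_change_passes_verify(void) {
    stripe_t s;
    fill_sample(&s);
    raid5_encode(&s);
    s.data[0][10] ^= 0xFF;
    s.data[3][10] ^= 0xFF;
    return raid5_verify(&s);
}

int main(void) {
    return (demo_cycle() && paired_change_passes_verify()) ? 0 : 1;
}
```

Each stripe is processed independently of the others, so the same functions can be called per stripe from separate threads. Where block contents must be protected against modification, a per-block checksum or MAC is needed in addition to parity.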