11/03/2006

niagara falls

i am currently running one of sun's new sun fire t2000 servers, as part of an evaluation and review programme. sun are allowing qualified individuals and companies to try the system for sixty (60) days before buying one. this can only be a good thing for sun, since it ought to get people who would not normally specify sun kit to have a look. as far as cost goes, the server retails at around usd 10K depending on configuration. this is actually pretty cheap for a system of this quality and power. think of it this way - how much would a 24-way PC system cost? and in a 2U form factor chassis as well?

the specification of my machine is listed as medium and has a niagara T1 processor. this is a six core ultra SPARC T1 cpu, each core of which runs at 1 GHz and has four 'coolthread' execution units, giving a total of twenty four (24) processors. the machine also has 8 gigabytes of ram and two 73 gigabyte serial attached SCSI (SAS) drives. the technology is known as coolthreads because the system only consumes seventy five watts (75W) at full load. this isn't the highest spec, either - it is possible to have t2000 configurations with eight T1 cores, running at 1.2 GHz, giving 32 coolthreads. note that there is no floating point processor in the T1, although the system does have a cryptographic accelerator built in.

so, when the box arrived yesterday, i unpacked it immediately...

the shipment consisted of: the server itself, a rack-mounting kit, two utp patch cords and two uk power cords. there is no real documentation shipped, just a small warranty booklet and a set of packing notes. it does, however, have a whole set of neat little diagrams on the top of the chassis explaining common maintenance tasks, like replacing fans or installing more ram modules. i downloaded the documentation from sun, and read the install guide first.

the sun fire t2000 'coolthreads' server


it turns out that on power being supplied initially, it will go into the lights-out management mode (ALOM) and stay there. this must be accessed via the serial management console, which is the only active port on the box as shipped.

to get into it i needed an RJ45 (sun) to DB9F (PC) null-modem cable. unfortunately, nothing of the kind came in the box. still, a trip to maplins and application of a soldering iron and a few hours later (yes, i'm that bad at soldering, and i had help!) a cable was ready. it turns out that this is what is commonly called a 'cisco console rollover cable' and they are almost always available on ebay. i enabled the network management port and booted into the open firmware ok prompt, and then into solaris. sun don't configure Solaris for you, although they do install it, however the configuration is as simple as setting IP address parameters and location details, so it didn't take long until i had a working, networked server. annd here is the proof:

adk@hexagon$ prtdiag
System Configuration: Sun Microsystems sun4v Sun Fire T200
System clock frequency: 200 MHz
Memory size: 8184 Megabytes

========================= CPUs =========================
CPU CPU
Location CPU Freq Implementation Mask
------------ ----- -------- ------------------- -----
MB/CMP0/P0 0 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P1 1 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P2 2 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P3 3 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P4 4 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P5 5 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P6 6 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P7 7 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P8 8 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P9 9 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P10 10 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P11 11 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P12 12 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P13 13 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P14 14 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P15 15 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P16 16 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P17 17 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P18 18 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P19 19 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P20 20 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P21 21 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P22 22 1000 MHz SUNW,UltraSPARC-T1
MB/CMP0/P23 23 1000 MHz SUNW,UltraSPARC-T1


as you can see, i have 24 cpus ready to do whatever i want. i have been waiting for this technology ever since i first read about it in 2004 so i have some pretty good ideas about how to utilise it. although sun seem to be promoting this as an enterprise class web and web application server (which it will perform fine as.) but, i think that it would make an excellent network security appliance. i intend to run an array of security applications and services to see how well it copes. this would include network IDS and IPS sensors and management servers, which can take advantage of the virtualisation technology available in solaris 10. also, some kind of all-in-one firewall and dmz protection device with deep packet inspection and virtualised ingress and egress firewalls, using all four gigabit ethernet ports. it also has crypto acceleration, which is ideal for several other security tasks.

my first job is to secure and harden the stock solaris 10 install that it came with. i have to turn off all the default services, such as telnetd and rlogin, only then will i be able to start thinking about allowing hexagon onto the internet, and doing something useful. more on this as i run the tests and build the environments to test them...

3 comments:

Anonymous said...

Actually the Niargara does have hardware floating point support. It just has only one processing unit that is shared by all threads.

Anonymous said...

Solaris 10 doesn't have rlogind or telnetd running by default.

grkvlt said...

actually, on the install on my T2K they were running... see the nmap output at the start of the article.