TECHNOLOGY FOR CHANGE

Extreme Virtualization: Million-Machine Cluster Will Enable Botnet Study

Stan Gibson | Date: 07-29-09 | Comments

Scientists at Sandia National Labs have a goal of emulating the computer network of a nation to monitor cyber-attacks.

These days, everyone wants to virtualize their servers to get more usage out of each box. So, how about a million virtual machines?

Scientists at Sandia National Laboratories in Livermore, Calif., booted up that many Linux kernels in virtual machines to study the behavior of malicious botnets. By placing a small amount of code on a large number of systems, cyber-criminals deploy botnets to carry out malicious tasks.

�The botnet test bed is needed because botnets are by their nature secretive�the best ones hide and are very hard to detect and observe," said Ron Minnich, a scientist at Sandia.

Don Rudish, another Sandia scientist, added, �We can pause all the machines, scan their memory, and look at which are infected and which are not.�

The researchers utilized Thunderbird, Sandia�s Albuquerque, N.M.-based 4,480-node Dell high-performance computer cluster. Using technology from Dell and IBM, they ran one Linux kernel in each of 250 virtual machines on each physical server to yield a total of 1,120,000 virtual machines.

The Linux kernel used in the test was not changed except to remove components such as Bluetooth support that were irrelevant to the test, according to Rudish. To split the servers into multiple virtual machines, the researchers used without modification the hypervisor that is built into the Linux kernel, Rudish said.

Minnich said the sheer number of virtual machines pushed the technology envelope. �Ten thousand is an OK number of machines, but you hit 1 million and you run into things that no one ever planned on,� he said, noting that a million IP addresses brought their routers to their knees. In addition, conventional management tools are not geared to handle such a large number of systems, so the researchers considered deploying botnet technology for good purposes�simply to gain control over all the VMs.

There is plenty of work still to do. No applications were run on the million virtualized machines. That will be done in a future experiment, even as the researchers scale up to 10 million VMs, a figure they hope to reach in 2010.

�Eventually, we would like to be able to emulate the computer network of a small nation, or even one as large as the United States, in order to �virtualize� and monitor a cyber-attack,� said Minnich.

Click here for "THINK" Leadership Forum Presentation Videos

IBM Resources

Videos

TWITTER FEED

23 minutes agoGood morning from Los Angeles! #ibmcloud
26 minutes agoThat's it from me! Over to North America.
32 minutes agoThe data processing of Roland Garros 2012 (#RG12) rests on IBM Private Cloud http://t.co/JUaY1ItM [French Press release]
about 2 hours agoIBM Accelerates Business from Supply to Demand with New #Cloud Offerings For Smarter Commerce http://t.co/OFxknOb0 [Press Release]
about 3 hours agoHow IBM #SmartCloud Foundation technology powers cloud adoption? IBM VP @SLHebner explains here http://t.co/sSzfa0O5 [VIDEO]
about 4 hours agoIBM's Fiona Cullen will present ‘The Power of #Cloud: Driving Business Model’ On May 24 @ Utrecht, Netherlands #cloudforum2012 #ibmcloud
about 5 hours agoBlog Post: Why service providers should not ignore cloud http://t.co/ZfQyue4r via @eMarcusNet #thoughtsoncloud
about 6 hours agoHave any #cloudmoment? Share your story with us via Twitter, Instagram, YouTube, Facebook and tag it. See other stories http://t.co/J4ntsaQ5
about 7 hours agoSign up now for IBM #SmartCloud Enterprise! No charge for select VMs (only till May 28). More Details >> http://t.co/2LEzOUZC #ibmcloud
about 7 hours agoRT @HansMoen: See this video from @IBMCloud to learn how to cut costs in building innovation in your business http://t.co/XOyJoFn6 #clou ...