Jump Boxes ECC & ZFS?
Posted by Jastibute@reddit | sysadmin | View on Reddit | 11 comments
Do Jump Boxes need ECC RAM and ZFS? Or will any consumer-grade laptop do the job?
pdp10@reddit
ECC RAM inhibits and detects bit flips in memory, and ZFS inhibits on-disk corruption. If the jump box is storing audit logs locally, then these would probably be a good idea. The jump-box should be one-way communicating the audit logs elsewhere, though, even if it's also keeping a local copy.
Any discussion of ECC and error-resilience is inevitably met with cries of YAGNI. Yes, a few of the same commenters who advocate for spending eight times more for, say, network gear, will now make similar impassioned cries against literal professional hardware. Anyone with those two positions may want to review the existing presence of checksumming in their infrastructures.
eufemiapiccio77@reddit
Why do you think they would?
Jastibute@reddit (OP)
You're running a browser with a client-side app in memory. So if you encounter an error, that'll get sent to the device you're working with. ZFS for just ensuring you've got no funky business happening to your base OS. If some file gets corrupted, you just scrub and it's fixed.
gihutgishuiruv@reddit
Do all of your users’ machines have ECC? Do your users’ brains have ECC? Does your brain have ECC?
TheFluffiestRedditor@reddit
Mine’s got EGR - error generating ram. ::sigh:: this getting old thing is a drag.
Jastibute@reddit (OP)
Not all, but as many as practicable. The ones that do critical tasks do.
No_Ionger_interested@reddit
ECC and ZFS are not the main concern here. And no, consumer-grade laptops won't be a wise idea. At my workplace, they use certified business-grade machines (Lenovo ThinkCentre and the like) as OT engineering workstations. In practice, you’re far more likely to have problems with access control, hardening, misconfiguration, misuse, or lack of emergency fallback when the jump box is unavailable. I've seen sysadmins drive out to the data center after they messed up VLANs and killed access to the very same machine they were using to administer the network.
eufemiapiccio77@reddit
Huh? Are you talking about jump boxes here?
poizone68@reddit
Is there a particular reason you need a physical jump box? Generally I've seen jump boxes as an intermediary virtual machine.
No_Ionger_interested@reddit
I'd say that you need PAM first and foremost for daily duties, and an engineer's workstation as backup in case SHTF. And chances are that the PAM or even a simple RDP host likely runs on top of a virtualization environment powered by ECC RAM. But these engineer workstations are likely regular desktop computers or laptops with no flashy features apart from vPro and the like.