

The Making of OnMetal - rphillips
http://www.scalescale.com/the-making-of-onmetal/

======
cmsj
Still want to know how they're mitigating firmware attacks :)

~~~
pquerna
I'd like us (Rackspace) to publish a full whitepaper about what we have done,
but I'll break down things into two topical areas:

1) Requiring signing of all firmwares, and putting those firmware private keys
in control of Rackspace whenever possible.

2) Disabling systems of integration between the BMC and Operating system --
for example we completely disable the HECI bus, removing a major surface area
for the operating system to affect the BMC.

~~~
ryanburk
was firmware signing a big factor in the decision to go with OCP hardware?

thanks for telling the story. it is encouraging for us as we are bringing up
ironic support ourselves.

~~~
pquerna
Strictly speaking, you can get traditional vendors to do firmware signing --
but getting them to put your public key in there will be more difficult. With
volume, most of the big vendors will be... accommodating.

Dell's 12th generation PowerEdge for example has a pretty good baseline
outlined here:

http://en.community.dell.com/cfs-file.ashx/__key/telligent-evolution-components-attachments/13-4491-00-00-20-13-99-10/dell_2D00_secure_2D00_bios_2D00_poweredge_2D00_12th_2D00_generation_2D00_servers.pdf

But that only covers the BIOS really, not things like firmwares in different
PCI cards. But it's a start.

~~~
jbrad7354
Can you guys do a DB machine type with more RAM? 128Gb isn't enough. :)

~~~
russell_h
We've gotten this request a few times, can you elaborate on why you need so
much RAM? How much is enough?

~~~
jbrad7354
So that most of our hot data fits in RAM? I would expect the type of machine
you guys are selling to come with 256Gb standard, to be honest (and the cost
of another 128Gb of RAM is negligible -- I'd pay a couple more $ per day or
whatever for it).

------
tzury
OnMetal Compute v1 - comes out as $560 per month, which is not that expensive
at all for a 10-core instance!

