I’ve worked several different shops now that seem to have a misconception about computer burn in. So I’m going to explain it.
I think there’s a misconception that if you let a computer run with a light load for a while, it somehow gets stronger, and ready to handle a big workday load.
I’m 5’9″ and weigh about a buck-fifty, so trust me, I know a non-bodybuilder when I see one. And computers aren’t bodybuilders.
Unless something else changes, computers don’t get stronger. Run them long enough and hard enough, and they get weaker as the components slowly break down, just like any other machine. But they don’t get stronger, any more than your car gets stronger.
There’s certainly merit in testing a system under a lighter-than-normal load, but that’s to protect the user community, not the computer. You test something that might break during off hours in hope of minimizing or eliminating impact. That’s all.
But when you want to know if a computer system is going to hold up to a first-thing-Monday-morning workload, you simulate that first-thing-Monday-morning workload.
At home, you run the system with Prime95 for 24 hours to see if it breaks. You can do the same thing with a computer workstation, or a server that processes heavy CPU-intensive loads.
For a web application, you can hammer the system with Apache Bench. For a Windows system, you might script something with some of the Resource Kit tools to try to simulate users logging on and doing stuff.
Run the CPU up to what you typically see during a workweek, maybe add a few points for extra measure, and then you can be confident that you have reliable system.
Otherwise, you can expect to hear a conversation like this on a conference call.
“Well, it worked fine in the lab.”
“Well, you have 20 users in your lab. I have 20 thousand.”
We security guys have a reputation for not caring about reliability. That’s not true. I care deeply about reliability. Like I told my boss this week, we can have perfect confidentiality and integrity by unplugging the computer and locking it up in a closet. Or, do what the Kremlin is planning to do and switch to typewritten documents on paper. Both are actually lousy security, though, because the people who need to get at the data can’t do it.
The most valuable thing in security, after human life, is data. But data has no value if the people who need to work with that data can’t get to it.