By this I didn’t mean between the Minis 
A server on unrouted private IP, sitting directly behind a hardware VPN, which is accessible only by a diskless thin client (which can only connect to the VPN), using multi-factor authentication and client certs, can be pretty secure.
Free UPS
The data these machines process, and some of the algorithms they use as well, are trade secrets. If enough of it leaks, we will be out of business.
We are not willing to stake our business on the question of whether some vendor has found and fixed all the security vulnerabilities in their VPN hardware and thin clients, because the answer is pretty much guaranteed to be “No”.
EDIT: Don’t worry, we’re not in the financial industry.
Well, the real problem is that we implemented the simulations some time ago using numerical schemes that do not map well to the GPU. We could certainly re-implement them, but because they would not be numerically identical to the existing simulations we would need to go through a long verification process all over again (as opposed to just re-running the test cases and checking for an exact match).
I am very interested in the Xeon Phi as well, but it will not be widely available until early 2013 as I understand it, and I have not been able to find very much information on the actual details of the development and execution environment.
By going over the memory and cache sensitivity I mean it will swing your choice between beefy top end Xeons down to a slew of Core3s or even Phi. You could see a 2:1 price performance difference depending upon the fit. Or 2:1 of power, or even space occupied. Phi would be a really cute answer, but might be just plain wrong. But you have to run the tests, or you will never know.
I will be thinking very hard about a Phi in the new year to test its viability in a very similar scenario to yours. We are not so protective of the algorithms, although they are a trade secret. But the data can sometimes be highly sensitive, and not ours. So a portable compute solution can be important. Most of our stuff is signals related, and could be ported to GPU based systems, but would still require significant effort to port. Thus Phi.
The first Phi is slated for availability Jan 28 2013, so only a few weeks away. Fine for me, but you might be a bit tighter for time.
How often does the system have to be moved and what are the lead times? With enough lead time you could arrange a disk-less rental machine to be delivered where needed and you install your disks when you get there. You could even take your own RAM sticks along. Or if you want to own the machine let UPS/Fedex/whoever take care of shipping the server while you just carry the disks.
Here’s a 3U blade server that holds 8 blades, each with a quad-core Xeon processor. I don’t see why you can’t put that in a rack case (like this) for transport. It becomes oversized luggage, but you can probably afford the fee if you can afford the system.
To beat a dead horse, if VPN is not secure enough, how is checked baggage secure?
I’m not the OP but that sure looks like a winner. You could duct tape 2 of those together and still be relatively compact with a lot of power.
They are different sorts of security threats. If you use one of the many solutions for encrypting hard drives then the checked baggage is more secure than a VPN solution. Putting things up on the internet is simply less secure than not allowing them on the internet.
Well, unfortunately, 2 of them won’t do you any good without the chassis that holds all 8, and this thing is essentially the same size and weight as the servers we have already.
But damn, I did not realize how cheap blade setups had gotten. The last time I looked at blade servers, the enclosure alone (without any blades!) cost almost that much. Unfortunately, the linked configuration only includes one hard drive, and we do need a bit of storage on each node, so it would probably be around $8,000 with those added on. That’s still a great deal, but more than we need to take on the road.
There is zero difference (security-wise) between a encrypted hard drive that can be stolen from your carry-on luggage, and an encrypted disk image stored online.
It would have saved a lot of time and effort if the OP had just listed the solutions he’s already tried, since it looks like he’s already trialed and dismissed most of the suggestions here.
But I still think his company is either running on out-dated assumptions or has incompetent IT people if they can’t figure out a secure way of keeping the servers in the server room. Even if it was as simple as transmitting encrypted disk images over a VPN link.
A VPN is fine for protecting data in transit, but the machines at either end are still connected to the internet in one way or another, and thus the unencrypted information they are displaying, processing or storing is still vulnerable. A 17-year-old on the other side of the world can break in without leaving his couch, and if he’s competent, without any way to even know who did it.
By comparison, checked baggage is heavily secured by the TSA, our drives are encrypted, and we take the drive(s) with us in our carry-on whenever possible. If someone wanted to specifically steal our stuff from our luggage, they’d be taking an enormous risk of getting caught, since unlike doing it digitally, you can only steal physical objects by showing up in person.
If some random TSA agent steals something of ours, he won’t know what to do with it, and in reality he’d rather steal someone’s iPad than some ugly computer part anyway (this is a something of an argument against the Mini, I guess).
Yes, one option is to have computers totally disconnected from the internet, transmit encrypted data back and forth using internet-connected computers, and have a human operator manually move them back and forth to the secure computers using read-only/WORM media, so that the unencrypted data only exists on the secure computers, which are never connected to the internet. I am comfortable with the security of this arrangement, but it requires me to perform all my interaction with the secure computer through another person, which is a major pain in the ass, not efficient at all, and much more expensive than just buying a computer and bringing it with me on the road.
And you can keep your comments about competence to yourself.
I was referring to duct taping 2 chassis together for a total of 64 cores but still in a relatively compact form.
I was getting carried away with the linear scaling and forgot you only wanted 12 cores.