Microsoft uses Linux for Skype supernodes

Microsoft has overhauled its Skype voice-over-IP service by replacing peer-to-peer client machines with thousands of Linux boxes.

The boxes have been hardened against the most common types of hack attacks.

According to an insecurity expert at Immunity Security, Kostya Kortchinsky, the roll out, which was carried out in secret, happened two months ago.

It a departure from the design that has powered Skype for the past decade.

Skype has consisted of “supernodes” made up of regular users who had sufficient bandwidth, processing power, and other system requirements.

These supernodes then transferred data with other supernodes in a peer-to-peer fashion.

Kortchinsky’s analysis shows that Skype is now being powered by a little more than 10,000 supernodes which are hosted by the company and regular users are not promoted to supernode status.

Each of the boxes run Linux using grsecurity which is a collection of patches and configurations designed to make servers more resistant to attacks.

Supernodes used to only handle 800 end users, but Kortchinsky said, the newer ones host about 4,100 users and have a theoretical limit of as many as 100,000 users. Kortchinsky discovered the Linux supernodes are using a Skype probing technique.

It does mean that Microsoft has moved away from user-supplied supernodes and there is a questions about the suitability of peer-to-peer technology to run services that small and large businesses rely on for sensitive calls and messages.

Mark Gillett, CVP, Skype Product Engineering & Operations told Ars Technica that Microsoft had developed supernodes which can be located on dedicated servers within secure datacentres. Skype’s peer-to-peer architecture is the same – it is just the supernodes are now in-house and not running on Windows.