How do Managed Services Work
Managed Services work by securely connecting our engineers to your cluster. Aspen must have a secure remote connection to your cluster in order to provide Managed Services. We must also have privileged access and the capability to become super user to perform systems level tasks.
If the cluster is designed to facilitate remote administration, with capabilities such as remote power control for nodes, It is very easy to ensure that Managed Services work well on your new cluster with as little local intervention as possible. Your cluster can be designed from the outset with Managed Services in mind, and your Aspen sales engineer can help you with your choices and tradeoffs. However, you can deploy Managed Services on older clusters as well by having us retrofit them with equipment to make full remote management possible.
If the clusters to be managed do not have remote power control or console connections, more local intervention will be necessary in maintenance and troubleshooting actions, but all the standard capabilities such as bare metal restore and remote diagnostics can still be installed and utilized. Your Aspen sales engineer can help you understand what options are best for your particular needs.
A Remote Connection to your cluster
Aspen Systems Managed Services are implemented via a secure network connection to your cluster. You may choose one of several different connection methodologies, depending on your organizational security requirements.
Aspen VPN: Aspen can configure your cluster with a VPN client that "calls home" to a dedicated Aspen secure support network. No customer connected to the Aspen secure support network can communicate with any other customer systems, but our engineers can access the secure support network to communicate with your system for routine monitoring, maintenance and upgrades. The Aspen VPN requires no inbound ports to be opened on your organizational firewalls, and more than one system in your cluster can be configured with an Aspen VPN client for redundancy. Most customers favor this approach as little or no network configuration is needed at your site.
ABC: If your cluster is equipped with the Aspen Beowulf Cluster Management System, Aspen engineers can utilize ABC to manage your cluster or assist your HPC administrators. This solution requires that specific port access ranges be allowed, and forwarded if necessary, to the outside interface of your clusters.
Secure Shell: Secure Shell, or SSH, is an encryption and network protocol that is widely used to provide secure communications between networked hosts. Aspen can perform most remote management with SSH access. This configuration requires that port 22 be allowed and forwarded to the outside interface of your clusters.
Customer VPN: In some cases, your security rules may require that Aspen utilize your VPN solution to access your cluster. Aspen supports most major VPN clients, but will require that you provide such things as cryptographic devices and client licenses.
Private Line: In a very few instances, your security requirements may be such that a dedicated private line must be established between one of our management centers and your cluster location. Aspen can support this option, if required, at additional expense.
Even when a VPN is used, Aspen still utilizes secure protocols such as SSH or the ABC interface to access your clusters. This results in a doubly encrypted path between the Aspen support engineers and your systems, and provides an additional layer of security and peace of mind for you.
System Access and Control
All new Aspen clusters are built to manage. For instance, if your cluster is equipped with the ABC Management system, your nodes are equipped with IPMI to allow full remote power and, if configured, direct remote access to system video consoles.This allows your cluster administrators or Aspen to fully control all aspects of the node, up to and including a full bare metal restore from disaster recovery images. On these clusters, only occasional hands on work, such as failed parts replacement, must be performed, and even these can be contracted to one of Aspens hardware maintenance partners. If your cluster is older or not equipped with full remote management capabilities, more hands on work might be required.
Peripheral equipment can be controlled with the use of Switched PDUs, and older clusters can be retrofitted with remote IP KVM units to facilitate console access to some or all of the nodes. All of these capabilities make it possible to access and manage your new or existing cluster. Talk to your Aspen sales engineer today about Aspen Managed Services for your new or existing cluster.
Finally, you must define what level of Managed Service you require. Aspen offers several standard Managed Service packages, one of which may fit your needs perfectly. If not, your sales engineer can work with you to tailor a package that meets your specific needs.
