- HPC Buyers Guide
Detailed Buyers Reference- Applications
- Budget
- Processors
- Interconnects
- Memory
- Distributions
- Cluster Management
- Warranty and Support
- Cluster Racking
- Cluster Logical Layout
- Master Node
- Storage
- Backup
- Nodes
- Power
- Cooling
- Commercial Software
- Schedulers
- Account Management
- Windows Integration
- Shipping and Delivery
- On-Site and Training
- Next Steps
HPC Applications- Processor
- System
- Network
- Storage
- Power
- Cooling
- Facilities Estimator
- Remote Management
- Green Computing
- Visualization
- Compilers
- Operating Systems
- Schedulers and Tools
- Virtualization
Security
What are your security options?
Aspen normally configures your externally connected hosts with packet filtering firewalls implemented with IP Filters and a Network Address Translation (NAT) gateway that allows internal nodes to access external network resources. IP Filters are used to allow only specific ports to be accessed on your cluster external access points. Your firewalls are configured to allow;
- any communications from internal nodes to external destinations
- ICMP (for pings)
- multicast DNS (optional, needed for some sites)
- Internet Printing Protocol (optional, needed for some sites)
- Secure Shell
- SMTP (e-mail)
- http (web server)
- https (secure web server)
- ABC (if ABC is installed, it utilizes ports 10140 and 10150 for specific ABC access, and ports 40000 through 40500 to proxy other internal cluster web pages)
Additional port rules may be added based on your cluster customization requirements in order to allow communications between your cluster and your organizational network for any additional applications you specify.
In some cases, the Aspen cluster firewall may be customized or disabled based on your custom requirements. Perhaps your administrators wish to perform all security filtering on a centralized firewall system, or your requirements mandate a specific firewall solution be placed in front of your cluster external connections. If the firewall is disabled, your cluster master can be configured as a NAT gateway only, and allow all communications. Your external node firewalls may be customized by filling in your requirements in your Statement of Work.
Additional tools are included based on your distribution, such as tripwire or auditd. These utilities can be configured to your specification, but Aspen engineers will require specific coordination with your site security administrators and clearly stated rule sets to work from. Due to the complexity of some site specific rule sets, this integration is not normally included with your cluster purchase, and may result in additional charges based on your site requirements and the engineering hours needed to perform the integration.
Aspen can configure your cluster to meet National Industrial Security Program Operating Manual (NISPOM) Chapter 8 requirements, but this may limit your distribution choices. This integration may result in additional engineering charges based on your requirements. Other utilities, such as SNORT, or Port Sentry can be configured based on your organizational requirements for additional charges as well.
Speak to your Aspen sales engineer about your specific security requirements. Aspen can help you meet your site-specific security requirements for your cluster deployment.
