<div dir="ltr">If you have no private network, I would recommend using IPSec<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 20, 2015 at 6:49 AM, Tony Travis <span dir="ltr"><<a href="mailto:tony.travis@minke-informatics.co.uk" target="_blank">tony.travis@minke-informatics.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 19/08/15 22:07, Ryan Johnson wrote:<br>
> Hello all,<br>
><br>
> I have a cluster with 128 compute nodes that run vanilla Ubutnu 14.04<br>
> and a PBS/Torque system. We run Galaxy as a separate machine with<br>
> Bio-Linux 8 (which can be though of as the Galaxy head node). Currently<br>
> to make it work I have the following directories exported as NFS mounts<br>
> into the cluster compute nodes:<br>
><br>
> /etc/galaxy-server/<br>
> /var/lib/galaxy-server<br>
> /usr/lib/galaxy-server<br>
><br>
> We also have a cluster wide user called Debian-galaxy (which lives on<br>
> the NIS *Yellow Pages*). Is this considered a safe and efficient way to<br>
> operate our production Galaxy cluster?<br>
<br>
</span>Hi, Ryan.<br>
<br>
There is no 100% safe way to operate a cluster if you expose the<br>
internal (cluster) network. I ran a Bio-Linux Beowulf with three<br>
separate network fabrics: System, Application and LAN. You should only<br>
export the NFS shares to cluster nodes on a private network and your NIS<br>
should be confined to the private network too.<br>
<br>
The design I used was based on EPCC (Edinburgh Parallel Computing<br>
Centre) BOBCAT (Budget Optimised Beowulf Constructed using Affordable<br>
technology). The most important/innovative aspect of BOBCAT was the<br>
separation of internal network fabrics for performance, but the same<br>
applies to separation of network fabrics for security reasons.<br>
<br>
HTH,<br>
<br>
Tony.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Minke Informatics Limited, Registered in Scotland - Company No. SC419028<br>
Registered Office: 3 Donview, Bridge of Alford, AB33 8QJ, Scotland (UK)<br>
tel. <a href="tel:%2B44%280%2919755%2063548" value="+441975563548">+44(0)19755 63548</a> <a href="http://minke-informatics.co.uk" rel="noreferrer" target="_blank">http://minke-informatics.co.uk</a><br>
mob. <a href="tel:%2B44%280%297985%20078324" value="+447985078324">+44(0)7985 078324</a> mailto:<a href="mailto:tony.travis@minke-informatics.co.uk">tony.travis@minke-informatics.co.uk</a><br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
Bio-Linux mailing list<br>
<a href="mailto:Bio-Linux@nebclists.nerc.ac.uk">Bio-Linux@nebclists.nerc.ac.uk</a><br>
<a href="http://nebclists.nerc.ac.uk/mailman/listinfo/bio-linux" rel="noreferrer" target="_blank">http://nebclists.nerc.ac.uk/mailman/listinfo/bio-linux</a><br>
</div></div></blockquote></div><br></div>