[Bioclusters] pointers on cluster integration with MS active directory environments
Chris Dagdigian
dag at sonsorol.org
Wed Aug 23 17:10:53 EDT 2006
Hi folks,

Figured I'd ask here before trying the beowulf list ...

I'm working with an organization that will be deploying a midsized
life science oriented cluster in the next few months. This group is
in the business of making new products, selling products and
discovering/developing new products -- the message from the top down
is that IT is a tool that they need to be able to use effectively but
they don't want to be in the position of designing, managing and
deploying lots of custom/complex or one-off IT solutions.

This means that their IT systems tend to be well designed, extremely
well documented and focused on ease-of-maintenance. In many cases the
solutions are designed with an eye towards handing off the day to day
operation/management to a 3rd party infrastructure/operations
provider or contractor.

The organization already has a robust and well-managed directory
services infrastructure based on MS Windows and Active Directory.
There is *strong* interest in extending this directory service into
the realm of the biocluster so that they don't have to roll out and
manage a totally separate access scheme for cluster users.

I've done enough work in the lab with AD, LDAP and Kerberos to know
that Linux+Kerberos can usually play nicely and authenticate against
Active Directory servers but I have not personally done this further
than simple experimentation on test systems. Getting a single Linux
box to authenticate against the domain is one thing; integrating 80+
Linux boxes is something different.

Have people on this list done Active Directory integration with full
clusters? I'm interested in all pointers, war stories, product/vendor
recommendations etc. that people would be willing to share. Of
particular concern to me is how to bring the directory/authentication
info into the private cluster network so the compute nodes can make
use of it -- some methods involve password synchronization and others
seem to involve bringing an AD server directly onto the cluster
network. Only a few of the commercial Linux/Active Directory
integration offerings seem to promise "minimal or zero" configuration
changes on the actual domain server (a key point as I doubt we'll be
allowed to mess with the domain servers much themselves).

I'll summarize any responses and can tell y'all how the project went
sometime next year!

Regards,
Chris