[Bioclusters] pointers on cluster integration with MS active
directory environments
Joe Landman
landman at scalableinformatics.com
Wed Aug 23 17:14:32 EDT 2006
www.centrify.com
Chris Dagdigian wrote:
>
> Hi folks,
>
> Figured I'd ask here before trying the beowulf list ...
>
> I'm working with an organization that will be deploying a midsized life
> science oriented cluster in the next few months. This group is in the
> business of making new products, selling products and
> discovering/developing new products -- the message from the top down is
> that IT is a tool that they need to be able to use effectively but they
> don't want to be in the position of designing, managing and deploying
> lots of custom/complex or one-off IT solutions.
>
> This means that their IT systems tend to be well designed, extremely
> well documented and focused on ease-of-maintenance. In many cases the
> solutions are designed with an eye towards handing off the day to day
> operation/management to a 3rd party infrastructure/operations provider
> or contractor.
>
> The organization already has a robust and well-managed directory
> services infrastructure based on MS Windows and Active Directory. There
> is *strong* interest in extending this directory service into the realm
> of the biocluster so that they don't have to roll out and manage a
> totally separate access scheme for cluster users.
>
> I've done enough work in the lab with AD, LDAP and Kerberos to know that
> Linux+Kerberos can usually play nicely and authenticate against Active
> Directory servers but I have not personally done this further than
> simple experimentation on test systems. Getting a single Linux box to
> authenticate against the domain is one thing; integrating 80+ linux
> boxes is something different.
>
> Have people on this list done Active Directory integration with full
> clusters? I'm interested in all pointers, war stories, product/vendor
> recommendations etc. that people would be willing to share. Of
> particular concern to me is how to bring the directory/authentication
> info into the private cluster network so the compute nodes can make use
> of it -- some methods involve password synchronization and others seem
> to involve bringing an AD server directly onto the cluster network.
> Only a few of the commercial Linux/Active Directory integration
> offerings seem to promise "minimal or zero" configuration changes on the
> actual domain server (a key point as I doubt we'll be allowed to mess
> with the domain servers much themselves).
>
> I'll summarize any responses and can tell y'all how the project went
> sometime next year!
>
> Regards,
> Chris
>
>
>
>
> _______________________________________________
> Bioclusters maillist - Bioclusters at bioinformatics.org
> https://bioinformatics.org/mailman/listinfo/bioclusters
--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: landman at scalableinformatics.com
web : http://www.scalableinformatics.com
phone: +1 734 786 8423
fax : +1 734 786 8452 or +1 866 888 3112
cell : +1 734 612 4615
More information about the Bioclusters
mailing list