Dan, I have installed Centrify our grid customers and it's a very attractive proposal because there is not intermediate LDAP to deal with. You simply add the Centrify software to your grid hosts and then add them to Active directory. After which you have single sign on that is compatible with our GRID/Clustering software LSF (Load Sharing Facility). In addition, the Centrify software still allows Unix administrators the ability to manage who get's to what and when outside without having full AD authority. It represents a good segregation of duties between identify management and systems management. It is a beautiful piece of software and worth the investment if you are driving towards a *nix based clustering environment in a predominately Windows world. Regards, Larry Adams Systems Engineer Platform Computing direct: 586.510.0007 mobile: 586.899.1138 fax: 586.510.0246 www.platform.com IMPORTANT NOTICE: This memo is confidential. Unless you are the addressee (or authorized to receive for the addressee), you may not use, copy or disclose to anyone this message or any information contained in this message. If you have received this message in error, please advise the sender by reply email, and delete this message. The sender accepts no responsibility or liability for any errors and omissions, loss or damage from use, including damage from viruses. -----Original Message----- From: bioclusters-bounces+ladams=platform.com at bioinformatics.org [mailto:bioclusters-bounces+ladams=platform.com at bioinformatics.org]On Behalf Of Daniel.G.Roberts at sanofi-aventis.com Sent: Thursday, August 24, 2006 2:54 PM To: bioclusters at bioinformatics.org Subject: RE: [Bioclusters] pointers on cluster integration with MSactivedirectory environments Also Vintela VAS should work.. Anyone have first hand experience with using either centrify or vas in their cluster for user authentication? I gather that you still have to run a lightweight ldap server on the headnode in order to have the compute nodes authenticate the user.. thoguths? dan -----Original Message----- From: bioclusters-bounces+daniel.g.roberts=aventis.com at bioinformatics.org [mailto:bioclusters-bounces+daniel.g.roberts=aventis.com at bioinformatics. org]On Behalf Of Joe Landman Sent: Wednesday, August 23, 2006 5:15 PM To: HPC in Bioinformatics Subject: Re: [Bioclusters] pointers on cluster integration with MS activedirectory environments www.centrify.com Chris Dagdigian wrote: > > Hi folks, > > Figured I'd ask here before trying the beowulf list ... > > I'm working with an organization that will be deploying a midsized life > science oriented cluster in the next few months. This group is in the > business of making new products, selling products and > discovering/developing new products -- the message from the top down is > that IT is a tool that they need to be able to use effectively but they > don't want to be in the position of designing, managing and deploying > lots of custom/complex or one-off IT solutions. > > This means that their IT systems tend to be well designed, extremely > well documented and focused on ease-of-maintenance. In many cases the > solutions are designed with an eye towards handing off the day to day > operation/management to a 3rd party infrastructure/operations provider > or contractor. > > The organization already has a robust and well-managed directory > services infrastructure based on MS Windows and Active Directory. There > is *strong* interest in extending this directory service into the realm > of the biocluster so that they don't have to roll out and manage a > totally separate access scheme for cluster users. > > I've done enough work in the lab with AD, LDAP and Kerberos to know that > Linux+Kerberos can usually play nicely and authenticate against Active > Directory servers but I have not personally done this further than > simple experimentation on test systems. Getting a single Linux box to > authenticate against the domain is one thing; integrating 80+ linux > boxes is something different. > > Have people on this list done Active Directory integration with full > clusters? I'm interested in all pointers, war stories, product/vendor > recommendations etc. that people would be willing to share. Of > particular concern to me is how to bring the directory/authentication > info into the private cluster network so the compute nodes can make use > of it -- some methods involve password synchronization and others seem > to involve bringing an AD server directly onto the cluster network. > Only a few of the commercial Linux/Active Directory integration > offerings seem to promise "minimal or zero" configuration changes on the > actual domain server (a key point as I doubt we'll be allowed to mess > with the domain servers much themselves). > > I'll summarize any responses and can tell y'all how the project went > sometime next year! > > Regards, > Chris > > > > > _______________________________________________ > Bioclusters maillist - Bioclusters at bioinformatics.org > https://bioinformatics.org/mailman/listinfo/bioclusters -- Joseph Landman, Ph.D Founder and CEO Scalable Informatics LLC, email: landman at scalableinformatics.com web : http://www.scalableinformatics.com phone: +1 734 786 8423 fax : +1 734 786 8452 or +1 866 888 3112 cell : +1 734 612 4615 _______________________________________________ Bioclusters maillist - Bioclusters at bioinformatics.org https://bioinformatics.org/mailman/listinfo/bioclusters _______________________________________________ Bioclusters maillist - Bioclusters at bioinformatics.org https://bioinformatics.org/mailman/listinfo/bioclusters