[Bioclusters] pointers on cluster integration with MS active directory environments

Joe Landman landman at scalableinformatics.com
Wed Aug 23 20:21:37 EDT 2006


I should also note that we have been asked/hired to solve similar
problems, though the question of how to deal with a potentially fragile
AD implementation makes it more ... challenging.  You can't have AD
going down and locking out cluster/HPC/DB jobs.  Calls for some
inventive/interesting solutions.

Joe

Joe Landman wrote:
> www.centrify.com
> 
> Chris Dagdigian wrote:
>>
>> Hi folks,
>>
>> Figured I'd ask here before trying the beowulf list ...
>>
>> I'm working with an organization that will be deploying a midsized
>> life science oriented cluster in the next few months. This group is in
>> the business of making new products, selling products and
>> discovering/developing new products -- the message from the top down
>> is that IT is a tool that they need to be able to use effectively but
>> they don't want to be in the position of designing, managing and
>> deploying lots of custom/complex or one-off IT solutions.
>>
>> This means that their IT systems tend to be well designed, extremely
>> well documented and focused on ease-of-maintenance. In many cases the
>> solutions are designed with an eye towards handing off the day to day
>> operation/management to a 3rd party infrastructure/operations provider
>> or contractor.
>>
>> The organization already has a robust and well-managed directory
>> services infrastructure based on MS Windows and Active Directory.
>> There is *strong* interest in extending this directory service into
>> the realm of the biocluster so that they don't have to roll out and
>> manage a totally separate access scheme for cluster users.
>>
>> I've done enough work in the lab with AD, LDAP and Kerberos to know
>> that Linux+Kerberos can usually play nicely and authenticate against
>> Active Directory servers but I have not personally done this further
>> than simple experimentation on test systems. Getting a single Linux
>> box to authenticate against the domain is one thing; integrating 80+
>> Linux boxes is something different.
>>
>> Have people on this list done Active Directory integration with full
>> clusters? I'm interested in all pointers, war stories, product/vendor
>> recommendations etc.  that people would be willing to share. Of
>> particular concern to me is how to bring the directory/authentication
>> info into the private cluster network so the compute nodes can make
>> use of it -- some methods involve password synchronization and others
>> seem to involve bringing an AD server directly onto the cluster
>> network.  Only a few of the commercial Linux/Active Directory
>> integration offerings seem to promise "minimal or zero" configuration
>> changes on the actual domain server (a key point as I doubt we'll be
>> allowed to mess with the domain servers much themselves).
>>
>> I'll summarize any responses and can tell y'all how the project went
>> sometime next year!
>>
>> Regards,
>> Chris

-- 
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: landman at scalableinformatics.com
web  : http://www.scalableinformatics.com
phone: +1 734 786 8423
fax  : +1 734 786 8452 or +1 866 888 3112
cell : +1 734 612 4615

