Category:BwUniCluster 2.0: Difference between revisions

From bwHPC Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 18: Line 18:
{| style="width:100%; vertical-align:top; border:0px solid #BBBBBB; padding:4px;" |
{| style="width:100%; vertical-align:top; border:0px solid #BBBBBB; padding:4px;" |
|-
|-
|{{Red}}| Overview: Currrently enforced security measures
|{{Red}}| New security measures enforced on 13.08.2020
|-
|-
|
|
Due to a security breach the following restrictions are currently being enforced:
On 13.08.2020 at 10 AM the following changes to the security policies will take effect:


* For authentication, the use of a second factor (2-factor authentication) in addition to the service password will be mandatory. [[BwUniCluster 2.0 User Access/2FA Tokens|You can find the draft user documentation for this function here]].
* A service password has to be set via the [https://bwidm.scc.kit.edu bwIDM] system. The passwords valid at the home institutions can no longer be used.


* The use of SSH keys will be possible again. However, these can no longer be managed via the authorized_keys files, but only centrally via bwIDM. [[BwUniCluster 2.0 User Access/SSH Keys|You can find the draft user documentation for this function here]].
* Access is limited to IP addresses from within the campus networks of the respective home institutions of our current users. If you are outside of one of these networks (e.g. in your home office), a VPN connection to your home institution has to be established first (see e.g. [https://www.scc.kit.edu/dienste/openvpn.php] for the KIT).


* External storage systems such as the LSDF are available again.
* SSH keys have been deactivated.


The following restrictions still apply:
* Direct SSH logins on the compute nodes are not possible.


* Access is limited to IP addresses from within the campus networks of the respective home institutions of our current users. If you are outside of one of these networks (e.g. in your home office), a VPN connection to your home institution has to be established first (see e.g. [https://www.scc.kit.edu/dienste/openvpn.php] for the KIT).
* The "SUID bit" cannot be used for files and directories.


* The "SUID bit" cannot be used for files and directories.
Most of the restrictions mentioned above are planned to be lifted soon.
|}
|}
|}
|}

Revision as of 15:21, 10 August 2020


Close-up of bwUniCluster by Robert Barthel, copyright: KIT (SCC)
Close-up of bwUniCluster © KIT (SCC)

On 17.03.2020, the Steinbuch Centre for Computing (SCC) at Karlsruhe Institute of Technology (KIT) commissioned a new parallel computer system called "bwUniCluster 2.0+GFB-HPC" as a state service within the bwHPC framework. The bwUniCluster 2.0 replaces the predecessor system bwUniCluster and also includes the additional compute nodes which were procured as an extension to the bwUniCluster in November 2016.

The modern bwUniCluster 2.0 system consists of more than 840 SMP nodes with 64-bit Intel Xeon processors. It provides the universities of the state of Baden-Württemberg with general compute resources and can be used free of charge by the staff of all universities in Baden-Württemberg. Users who currently have access to bwUniCluster will automatically also have access to bwUniCluster 2.0. There is no need to apply for new entitlements or to re-register.


New security measures enforced on 13.08.2020

On 13.08.2020 at 10 AM the following changes to the security policies will take effect:

  • External storage systems such as the LSDF are available again.

The following restrictions still apply:

  • Access is limited to IP addresses from within the campus networks of the respective home institutions of our current users. If you are outside of one of these networks (e.g. in your home office), a VPN connection to your home institution has to be established first (see e.g. [1] for the KIT).
  • The "SUID bit" cannot be used for files and directories.


Access


Software
Hardware
Batch/Compute Jobs
bwHPC Best Practice Guides / FAQs
Miscellaneous





This category currently contains no pages or media.