[Bioclusters] pointers on cluster integration with MS activedirectory environments

Daniel.G.Roberts at sanofi-aventis.com Daniel.G.Roberts at sanofi-aventis.com
Thu Aug 24 14:53:57 EDT 2006

Also Vintela VAS should work..
Anyone have first hand experience with using either centrify or vas in their cluster for user authentication?

I gather that you still have to run a lightweight ldap server on the headnode in order to have the compute nodes authenticate the user..

-----Original Message-----
bioclusters-bounces+daniel.g.roberts=aventis.com at bioinformatics.org
[mailto:bioclusters-bounces+daniel.g.roberts=aventis.com at bioinformatics.
org]On Behalf Of Joe Landman
Sent: Wednesday, August 23, 2006 5:15 PM
To: HPC in Bioinformatics
Subject: Re: [Bioclusters] pointers on cluster integration with MS
activedirectory environments


Chris Dagdigian wrote:
> Hi folks,
> Figured I'd ask here before trying the beowulf list ...
> I'm working with an organization that will be deploying a midsized life 
> science oriented cluster in the next few months. This group is in the 
> business of making new products, selling products and 
> discovering/developing new products -- the message from the top down is 
> that IT is a tool that they need to be able to use effectively but they 
> don't want to be in the position of designing, managing and deploying 
> lots of custom/complex or one-off IT solutions.
> This means that their IT systems tend to be well designed, extremely 
> well documented and focused on ease-of-maintenance. In many cases the 
> solutions are designed with an eye towards handing off the day to day 
> operation/management to a 3rd party infrastructure/operations provider 
> or contractor.
> The organization already has a robust and well-managed directory 
> services infrastructure based on MS Windows and Active Directory. There 
> is *strong* interest in extending this directory service into the realm 
> of the biocluster so that they don't have to roll out and manage a 
> totally separate access scheme for cluster users.
> I've done enough work in the lab with AD, LDAP and Kerberos to know that 
> Linux+Kerberos can usually play nicely and authenticate against Active 
> Directory servers but I have not personally done this further than 
> simple experimentation on test systems. Getting a single Linux box to 
> authenticate against the domain is one thing; integrating 80+ linux 
> boxes is something different.
> Have people on this list done Active Directory integration with full 
> clusters? I'm interested in all pointers, war stories, product/vendor 
> recommendations etc.  that people would be willing to share. Of 
> particular concern to me is how to bring the directory/authentication 
> info into the private cluster network so the compute nodes can make use 
> of it -- some methods involve password synchronization and others seem 
> to involve bringing an AD server directly onto the cluster network.  
> Only a few of the commercial Linux/Active Directory integration 
> offerings seem to promise "minimal or zero" configuration changes on the 
> actual domain server (a key point as I doubt we'll be allowed to mess 
> with the domain servers much themselves).
> I'll summarize any responses and can tell y'all how the project went 
> sometime next year!
> Regards,
> Chris
> _______________________________________________
> Bioclusters maillist  -  Bioclusters at bioinformatics.org
> https://bioinformatics.org/mailman/listinfo/bioclusters


Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: landman at scalableinformatics.com
web  : http://www.scalableinformatics.com
phone: +1 734 786 8423
fax  : +1 734 786 8452 or +1 866 888 3112
cell : +1 734 612 4615

Bioclusters maillist  -  Bioclusters at bioinformatics.org

More information about the Bioclusters mailing list