Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
LA-UR- 0 lt= - 0 s 6
Approved for public release
distribution is unlimited
Title
Author(s)
Intended for
Kerberized Network File System for Clusters
Ian Burns Christopher Hoffman Paige Ashlynn
ElectronicWorld-wide Web Academic Distribution
-JLos Alamos NATIONA L LABOR ATOR Y ---- EH1941 ----
Los Alamos National Laboratory an aHirmatlve actionequal opportunity employer is operated by the Los Alamos National Security LLC for the National Nuclear Security Administration of the US Department of Energy under contract DE-AC52-06NA25396 By acceptance of this article the publisher recognizes that the US Government retains a nonexclusive royalty-free license to publish or reproduce the published form of this contribution or to allow others to do so for US Government purposes Los Alamos National Laboratory requests that the publisher identify this article as work performed under the auspices of the US Department of Energy Los Alamos National Laboratory strongly supports academic freedom and a researchers right to publish as an institution however the Laboratory does not endorse the viewpoint of a publication or guarantee its technical correctness
Form 836 (706)
Abstracts
Kerberized Network File System for Clusters Paige Ashlynn UN M
Ian Burns NMT Christopher Hoffman MTU
Abstract With constan tly looming cyber-security threats protecting valuable da ta has become a very important issue The implementation of security protocols should not com prom ise ease of use or perfonnance The Kerberos protocol provides a high I vel of security while minimiz ing overhead A cen tral Kerberos server needs to be able to provide authentication for a variety of serv ces distribu ted over a number of connected networks Though cl ustered environ ments traditi nally hav e not req uired i ntemal security the landscape is changi ng rapidly
It is im portant for any authorized person to be abl e to access their data from whatever computer they must use for their work This could be a simple desktop workstation or a large supercomputer There needs to be a single secure method of accompl ishing th is sharing for a1l environmen ts Kerberized FS can be Llsed to address thi s need for data mobili ty in a secure manner However the perform ance impact that Kerberos will have on NFS in a clustered setting is sti ll largely un known Factors such as level of security and differen t types of encryption affect performa nce and usa bility greatly
We will evaluate these impacts and ma ke a general recommendation for suitable security levels and feasibil ity for possible deployments in current and fu ture LANL systems
Kerberized Network File System for Clusters
Presented on 08-03-2009 by
Chris Hoffman
Ian Burns
Paige Ashlynn
Instructor Andree Jacobson Mentor David Kennel
LoS Alamos NATIONAL LAB O RATORY ____ EST 19 43
Operated by Los Alamos National Security LLC for NNSA
ISTI lWOfltfTlO SCI ILE amp nXllXOWU l~ J Jn~ lJ~
UNCLASSIFIED
-VA amprFJ~
Introduction
Kerberized NFSv4 in an HPC Cluster
bull Motivation
bull Advantages amp Disadvantages of Ke~beros
bull Changes in NFSv4
bull Behaviour
bull Performance
~)Los Alamos NATI O NA L LA BORATO RY UNCLASSIF ED ____ HT 194)
Operated by Los Alamos National Security LLC for NNSA
Impetus
The Problem
bull Secure light-weight remote data access from
nodes on supercomputer clusters
The Solution
bull Kerberos and NFSv4 are designed to
accomplish this task on enterprise networks
Los Alamos N AT I ONA L LA BO RAT O RY UNCLASSIF IED ____ poundST1943
Operated by Los Alamos National Security LLC for NNSA Vamp~S1OJ
Advantages of Kerberos Authentication
bull Single Sign-On
bull Password Security
bull Verified Clients
bull Scalable
bull Integration
pLos Alamos
UNCLASSIFIEDNATI ONAL LABORATOR Y ____ EST 19 4113
Operated by Los Alamos National Security LLC for NNSA
--Disadvantages of Kerberos Authentication
bull Single Point of Compromise
bull Requires Application Support
~ Los Alamos NATIONAL LABORATORY UNCLASSIFIED ____ pound51 1943
Operated by Los Alamos National Security LLC for NNSA
Changes in NFSv4 - _ -_
bull Native Support for Authentication Protocols
bull Kerberbs Integration Options
bull KRB5 = Authentication
bull KRB5i =Authentication amp Integ rity
bull KRB5p = Authentication Integ rity amp Encryption
bull Non-Unix Compatibility
bull Virtual Filesystem )Los Alamos NATIONAL LA BORATORY UNCLASSIFIED _______ T1 _______________________________________________________________________________________________________________________________________________________
Operated by Los Alamos National Security LLC for NNSA - bull J~~ V~~
Test Environment
Enterprise VLAN
Client
l DAP Kerberos
~ Los Alamos NATIONA L LA BO RATORY UNCLASSIFIED ____ EST 194 3
Operated by Los Alamos National Security LLC for NNSA vasr4
Behaviour in a Clustered Environment
bull Network Address Translation
bull Addressless ticketing
bull Torque Job Scheduler
Los Alamos NATIONAL LAB ORATORY UNCLASSIFIED ---_ EST 191
Operated by Los Alamos National Security LLC for NNSA
Performance Test
bull Levels of Security
bull Large vs Small Files
bull SCP vs Bare NFSv4 vs Kerberized NFSv4
over Gigabit Ethernet
~
LoS Alamos NATIONA L LABORAT O RY UNCLASSIFIED _______ EST) ~~~~______________________________________________________________________________________________________________________________~~~~~~~~
Operated by Los Alamos National Security LLC for NNSA
45 krb5i
- 40 tn-- krb5p
OJ 35 E ~bare nfs
---Q) 30
co 25 ~ I-
~ 20
tn s 15 co l-I-- 10
Average File Transfer Rate - ---- - -- -~ ------ ------ - - - - - ~ -
50
~krb5
5
0
01 05 10 100 500 1024 2048
~) File Size (MB) Los Alamos NATIONA L LABO RATORY UNCLASSIFIED ____ [ST1941
Operated by Los Alamos National Security LLC for NNSA - ~~Vamp i
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
Abstracts
Kerberized Network File System for Clusters Paige Ashlynn UN M
Ian Burns NMT Christopher Hoffman MTU
Abstract With constan tly looming cyber-security threats protecting valuable da ta has become a very important issue The implementation of security protocols should not com prom ise ease of use or perfonnance The Kerberos protocol provides a high I vel of security while minimiz ing overhead A cen tral Kerberos server needs to be able to provide authentication for a variety of serv ces distribu ted over a number of connected networks Though cl ustered environ ments traditi nally hav e not req uired i ntemal security the landscape is changi ng rapidly
It is im portant for any authorized person to be abl e to access their data from whatever computer they must use for their work This could be a simple desktop workstation or a large supercomputer There needs to be a single secure method of accompl ishing th is sharing for a1l environmen ts Kerberized FS can be Llsed to address thi s need for data mobili ty in a secure manner However the perform ance impact that Kerberos will have on NFS in a clustered setting is sti ll largely un known Factors such as level of security and differen t types of encryption affect performa nce and usa bility greatly
We will evaluate these impacts and ma ke a general recommendation for suitable security levels and feasibil ity for possible deployments in current and fu ture LANL systems
Kerberized Network File System for Clusters
Presented on 08-03-2009 by
Chris Hoffman
Ian Burns
Paige Ashlynn
Instructor Andree Jacobson Mentor David Kennel
LoS Alamos NATIONAL LAB O RATORY ____ EST 19 43
Operated by Los Alamos National Security LLC for NNSA
ISTI lWOfltfTlO SCI ILE amp nXllXOWU l~ J Jn~ lJ~
UNCLASSIFIED
-VA amprFJ~
Introduction
Kerberized NFSv4 in an HPC Cluster
bull Motivation
bull Advantages amp Disadvantages of Ke~beros
bull Changes in NFSv4
bull Behaviour
bull Performance
~)Los Alamos NATI O NA L LA BORATO RY UNCLASSIF ED ____ HT 194)
Operated by Los Alamos National Security LLC for NNSA
Impetus
The Problem
bull Secure light-weight remote data access from
nodes on supercomputer clusters
The Solution
bull Kerberos and NFSv4 are designed to
accomplish this task on enterprise networks
Los Alamos N AT I ONA L LA BO RAT O RY UNCLASSIF IED ____ poundST1943
Operated by Los Alamos National Security LLC for NNSA Vamp~S1OJ
Advantages of Kerberos Authentication
bull Single Sign-On
bull Password Security
bull Verified Clients
bull Scalable
bull Integration
pLos Alamos
UNCLASSIFIEDNATI ONAL LABORATOR Y ____ EST 19 4113
Operated by Los Alamos National Security LLC for NNSA
--Disadvantages of Kerberos Authentication
bull Single Point of Compromise
bull Requires Application Support
~ Los Alamos NATIONAL LABORATORY UNCLASSIFIED ____ pound51 1943
Operated by Los Alamos National Security LLC for NNSA
Changes in NFSv4 - _ -_
bull Native Support for Authentication Protocols
bull Kerberbs Integration Options
bull KRB5 = Authentication
bull KRB5i =Authentication amp Integ rity
bull KRB5p = Authentication Integ rity amp Encryption
bull Non-Unix Compatibility
bull Virtual Filesystem )Los Alamos NATIONAL LA BORATORY UNCLASSIFIED _______ T1 _______________________________________________________________________________________________________________________________________________________
Operated by Los Alamos National Security LLC for NNSA - bull J~~ V~~
Test Environment
Enterprise VLAN
Client
l DAP Kerberos
~ Los Alamos NATIONA L LA BO RATORY UNCLASSIFIED ____ EST 194 3
Operated by Los Alamos National Security LLC for NNSA vasr4
Behaviour in a Clustered Environment
bull Network Address Translation
bull Addressless ticketing
bull Torque Job Scheduler
Los Alamos NATIONAL LAB ORATORY UNCLASSIFIED ---_ EST 191
Operated by Los Alamos National Security LLC for NNSA
Performance Test
bull Levels of Security
bull Large vs Small Files
bull SCP vs Bare NFSv4 vs Kerberized NFSv4
over Gigabit Ethernet
~
LoS Alamos NATIONA L LABORAT O RY UNCLASSIFIED _______ EST) ~~~~______________________________________________________________________________________________________________________________~~~~~~~~
Operated by Los Alamos National Security LLC for NNSA
45 krb5i
- 40 tn-- krb5p
OJ 35 E ~bare nfs
---Q) 30
co 25 ~ I-
~ 20
tn s 15 co l-I-- 10
Average File Transfer Rate - ---- - -- -~ ------ ------ - - - - - ~ -
50
~krb5
5
0
01 05 10 100 500 1024 2048
~) File Size (MB) Los Alamos NATIONA L LABO RATORY UNCLASSIFIED ____ [ST1941
Operated by Los Alamos National Security LLC for NNSA - ~~Vamp i
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
Kerberized Network File System for Clusters
Presented on 08-03-2009 by
Chris Hoffman
Ian Burns
Paige Ashlynn
Instructor Andree Jacobson Mentor David Kennel
LoS Alamos NATIONAL LAB O RATORY ____ EST 19 43
Operated by Los Alamos National Security LLC for NNSA
ISTI lWOfltfTlO SCI ILE amp nXllXOWU l~ J Jn~ lJ~
UNCLASSIFIED
-VA amprFJ~
Introduction
Kerberized NFSv4 in an HPC Cluster
bull Motivation
bull Advantages amp Disadvantages of Ke~beros
bull Changes in NFSv4
bull Behaviour
bull Performance
~)Los Alamos NATI O NA L LA BORATO RY UNCLASSIF ED ____ HT 194)
Operated by Los Alamos National Security LLC for NNSA
Impetus
The Problem
bull Secure light-weight remote data access from
nodes on supercomputer clusters
The Solution
bull Kerberos and NFSv4 are designed to
accomplish this task on enterprise networks
Los Alamos N AT I ONA L LA BO RAT O RY UNCLASSIF IED ____ poundST1943
Operated by Los Alamos National Security LLC for NNSA Vamp~S1OJ
Advantages of Kerberos Authentication
bull Single Sign-On
bull Password Security
bull Verified Clients
bull Scalable
bull Integration
pLos Alamos
UNCLASSIFIEDNATI ONAL LABORATOR Y ____ EST 19 4113
Operated by Los Alamos National Security LLC for NNSA
--Disadvantages of Kerberos Authentication
bull Single Point of Compromise
bull Requires Application Support
~ Los Alamos NATIONAL LABORATORY UNCLASSIFIED ____ pound51 1943
Operated by Los Alamos National Security LLC for NNSA
Changes in NFSv4 - _ -_
bull Native Support for Authentication Protocols
bull Kerberbs Integration Options
bull KRB5 = Authentication
bull KRB5i =Authentication amp Integ rity
bull KRB5p = Authentication Integ rity amp Encryption
bull Non-Unix Compatibility
bull Virtual Filesystem )Los Alamos NATIONAL LA BORATORY UNCLASSIFIED _______ T1 _______________________________________________________________________________________________________________________________________________________
Operated by Los Alamos National Security LLC for NNSA - bull J~~ V~~
Test Environment
Enterprise VLAN
Client
l DAP Kerberos
~ Los Alamos NATIONA L LA BO RATORY UNCLASSIFIED ____ EST 194 3
Operated by Los Alamos National Security LLC for NNSA vasr4
Behaviour in a Clustered Environment
bull Network Address Translation
bull Addressless ticketing
bull Torque Job Scheduler
Los Alamos NATIONAL LAB ORATORY UNCLASSIFIED ---_ EST 191
Operated by Los Alamos National Security LLC for NNSA
Performance Test
bull Levels of Security
bull Large vs Small Files
bull SCP vs Bare NFSv4 vs Kerberized NFSv4
over Gigabit Ethernet
~
LoS Alamos NATIONA L LABORAT O RY UNCLASSIFIED _______ EST) ~~~~______________________________________________________________________________________________________________________________~~~~~~~~
Operated by Los Alamos National Security LLC for NNSA
45 krb5i
- 40 tn-- krb5p
OJ 35 E ~bare nfs
---Q) 30
co 25 ~ I-
~ 20
tn s 15 co l-I-- 10
Average File Transfer Rate - ---- - -- -~ ------ ------ - - - - - ~ -
50
~krb5
5
0
01 05 10 100 500 1024 2048
~) File Size (MB) Los Alamos NATIONA L LABO RATORY UNCLASSIFIED ____ [ST1941
Operated by Los Alamos National Security LLC for NNSA - ~~Vamp i
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
Introduction
Kerberized NFSv4 in an HPC Cluster
bull Motivation
bull Advantages amp Disadvantages of Ke~beros
bull Changes in NFSv4
bull Behaviour
bull Performance
~)Los Alamos NATI O NA L LA BORATO RY UNCLASSIF ED ____ HT 194)
Operated by Los Alamos National Security LLC for NNSA
Impetus
The Problem
bull Secure light-weight remote data access from
nodes on supercomputer clusters
The Solution
bull Kerberos and NFSv4 are designed to
accomplish this task on enterprise networks
Los Alamos N AT I ONA L LA BO RAT O RY UNCLASSIF IED ____ poundST1943
Operated by Los Alamos National Security LLC for NNSA Vamp~S1OJ
Advantages of Kerberos Authentication
bull Single Sign-On
bull Password Security
bull Verified Clients
bull Scalable
bull Integration
pLos Alamos
UNCLASSIFIEDNATI ONAL LABORATOR Y ____ EST 19 4113
Operated by Los Alamos National Security LLC for NNSA
--Disadvantages of Kerberos Authentication
bull Single Point of Compromise
bull Requires Application Support
~ Los Alamos NATIONAL LABORATORY UNCLASSIFIED ____ pound51 1943
Operated by Los Alamos National Security LLC for NNSA
Changes in NFSv4 - _ -_
bull Native Support for Authentication Protocols
bull Kerberbs Integration Options
bull KRB5 = Authentication
bull KRB5i =Authentication amp Integ rity
bull KRB5p = Authentication Integ rity amp Encryption
bull Non-Unix Compatibility
bull Virtual Filesystem )Los Alamos NATIONAL LA BORATORY UNCLASSIFIED _______ T1 _______________________________________________________________________________________________________________________________________________________
Operated by Los Alamos National Security LLC for NNSA - bull J~~ V~~
Test Environment
Enterprise VLAN
Client
l DAP Kerberos
~ Los Alamos NATIONA L LA BO RATORY UNCLASSIFIED ____ EST 194 3
Operated by Los Alamos National Security LLC for NNSA vasr4
Behaviour in a Clustered Environment
bull Network Address Translation
bull Addressless ticketing
bull Torque Job Scheduler
Los Alamos NATIONAL LAB ORATORY UNCLASSIFIED ---_ EST 191
Operated by Los Alamos National Security LLC for NNSA
Performance Test
bull Levels of Security
bull Large vs Small Files
bull SCP vs Bare NFSv4 vs Kerberized NFSv4
over Gigabit Ethernet
~
LoS Alamos NATIONA L LABORAT O RY UNCLASSIFIED _______ EST) ~~~~______________________________________________________________________________________________________________________________~~~~~~~~
Operated by Los Alamos National Security LLC for NNSA
45 krb5i
- 40 tn-- krb5p
OJ 35 E ~bare nfs
---Q) 30
co 25 ~ I-
~ 20
tn s 15 co l-I-- 10
Average File Transfer Rate - ---- - -- -~ ------ ------ - - - - - ~ -
50
~krb5
5
0
01 05 10 100 500 1024 2048
~) File Size (MB) Los Alamos NATIONA L LABO RATORY UNCLASSIFIED ____ [ST1941
Operated by Los Alamos National Security LLC for NNSA - ~~Vamp i
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
Impetus
The Problem
bull Secure light-weight remote data access from
nodes on supercomputer clusters
The Solution
bull Kerberos and NFSv4 are designed to
accomplish this task on enterprise networks
Los Alamos N AT I ONA L LA BO RAT O RY UNCLASSIF IED ____ poundST1943
Operated by Los Alamos National Security LLC for NNSA Vamp~S1OJ
Advantages of Kerberos Authentication
bull Single Sign-On
bull Password Security
bull Verified Clients
bull Scalable
bull Integration
pLos Alamos
UNCLASSIFIEDNATI ONAL LABORATOR Y ____ EST 19 4113
Operated by Los Alamos National Security LLC for NNSA
--Disadvantages of Kerberos Authentication
bull Single Point of Compromise
bull Requires Application Support
~ Los Alamos NATIONAL LABORATORY UNCLASSIFIED ____ pound51 1943
Operated by Los Alamos National Security LLC for NNSA
Changes in NFSv4 - _ -_
bull Native Support for Authentication Protocols
bull Kerberbs Integration Options
bull KRB5 = Authentication
bull KRB5i =Authentication amp Integ rity
bull KRB5p = Authentication Integ rity amp Encryption
bull Non-Unix Compatibility
bull Virtual Filesystem )Los Alamos NATIONAL LA BORATORY UNCLASSIFIED _______ T1 _______________________________________________________________________________________________________________________________________________________
Operated by Los Alamos National Security LLC for NNSA - bull J~~ V~~
Test Environment
Enterprise VLAN
Client
l DAP Kerberos
~ Los Alamos NATIONA L LA BO RATORY UNCLASSIFIED ____ EST 194 3
Operated by Los Alamos National Security LLC for NNSA vasr4
Behaviour in a Clustered Environment
bull Network Address Translation
bull Addressless ticketing
bull Torque Job Scheduler
Los Alamos NATIONAL LAB ORATORY UNCLASSIFIED ---_ EST 191
Operated by Los Alamos National Security LLC for NNSA
Performance Test
bull Levels of Security
bull Large vs Small Files
bull SCP vs Bare NFSv4 vs Kerberized NFSv4
over Gigabit Ethernet
~
LoS Alamos NATIONA L LABORAT O RY UNCLASSIFIED _______ EST) ~~~~______________________________________________________________________________________________________________________________~~~~~~~~
Operated by Los Alamos National Security LLC for NNSA
45 krb5i
- 40 tn-- krb5p
OJ 35 E ~bare nfs
---Q) 30
co 25 ~ I-
~ 20
tn s 15 co l-I-- 10
Average File Transfer Rate - ---- - -- -~ ------ ------ - - - - - ~ -
50
~krb5
5
0
01 05 10 100 500 1024 2048
~) File Size (MB) Los Alamos NATIONA L LABO RATORY UNCLASSIFIED ____ [ST1941
Operated by Los Alamos National Security LLC for NNSA - ~~Vamp i
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
Advantages of Kerberos Authentication
bull Single Sign-On
bull Password Security
bull Verified Clients
bull Scalable
bull Integration
pLos Alamos
UNCLASSIFIEDNATI ONAL LABORATOR Y ____ EST 19 4113
Operated by Los Alamos National Security LLC for NNSA
--Disadvantages of Kerberos Authentication
bull Single Point of Compromise
bull Requires Application Support
~ Los Alamos NATIONAL LABORATORY UNCLASSIFIED ____ pound51 1943
Operated by Los Alamos National Security LLC for NNSA
Changes in NFSv4 - _ -_
bull Native Support for Authentication Protocols
bull Kerberbs Integration Options
bull KRB5 = Authentication
bull KRB5i =Authentication amp Integ rity
bull KRB5p = Authentication Integ rity amp Encryption
bull Non-Unix Compatibility
bull Virtual Filesystem )Los Alamos NATIONAL LA BORATORY UNCLASSIFIED _______ T1 _______________________________________________________________________________________________________________________________________________________
Operated by Los Alamos National Security LLC for NNSA - bull J~~ V~~
Test Environment
Enterprise VLAN
Client
l DAP Kerberos
~ Los Alamos NATIONA L LA BO RATORY UNCLASSIFIED ____ EST 194 3
Operated by Los Alamos National Security LLC for NNSA vasr4
Behaviour in a Clustered Environment
bull Network Address Translation
bull Addressless ticketing
bull Torque Job Scheduler
Los Alamos NATIONAL LAB ORATORY UNCLASSIFIED ---_ EST 191
Operated by Los Alamos National Security LLC for NNSA
Performance Test
bull Levels of Security
bull Large vs Small Files
bull SCP vs Bare NFSv4 vs Kerberized NFSv4
over Gigabit Ethernet
~
LoS Alamos NATIONA L LABORAT O RY UNCLASSIFIED _______ EST) ~~~~______________________________________________________________________________________________________________________________~~~~~~~~
Operated by Los Alamos National Security LLC for NNSA
45 krb5i
- 40 tn-- krb5p
OJ 35 E ~bare nfs
---Q) 30
co 25 ~ I-
~ 20
tn s 15 co l-I-- 10
Average File Transfer Rate - ---- - -- -~ ------ ------ - - - - - ~ -
50
~krb5
5
0
01 05 10 100 500 1024 2048
~) File Size (MB) Los Alamos NATIONA L LABO RATORY UNCLASSIFIED ____ [ST1941
Operated by Los Alamos National Security LLC for NNSA - ~~Vamp i
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
--Disadvantages of Kerberos Authentication
bull Single Point of Compromise
bull Requires Application Support
~ Los Alamos NATIONAL LABORATORY UNCLASSIFIED ____ pound51 1943
Operated by Los Alamos National Security LLC for NNSA
Changes in NFSv4 - _ -_
bull Native Support for Authentication Protocols
bull Kerberbs Integration Options
bull KRB5 = Authentication
bull KRB5i =Authentication amp Integ rity
bull KRB5p = Authentication Integ rity amp Encryption
bull Non-Unix Compatibility
bull Virtual Filesystem )Los Alamos NATIONAL LA BORATORY UNCLASSIFIED _______ T1 _______________________________________________________________________________________________________________________________________________________
Operated by Los Alamos National Security LLC for NNSA - bull J~~ V~~
Test Environment
Enterprise VLAN
Client
l DAP Kerberos
~ Los Alamos NATIONA L LA BO RATORY UNCLASSIFIED ____ EST 194 3
Operated by Los Alamos National Security LLC for NNSA vasr4
Behaviour in a Clustered Environment
bull Network Address Translation
bull Addressless ticketing
bull Torque Job Scheduler
Los Alamos NATIONAL LAB ORATORY UNCLASSIFIED ---_ EST 191
Operated by Los Alamos National Security LLC for NNSA
Performance Test
bull Levels of Security
bull Large vs Small Files
bull SCP vs Bare NFSv4 vs Kerberized NFSv4
over Gigabit Ethernet
~
LoS Alamos NATIONA L LABORAT O RY UNCLASSIFIED _______ EST) ~~~~______________________________________________________________________________________________________________________________~~~~~~~~
Operated by Los Alamos National Security LLC for NNSA
45 krb5i
- 40 tn-- krb5p
OJ 35 E ~bare nfs
---Q) 30
co 25 ~ I-
~ 20
tn s 15 co l-I-- 10
Average File Transfer Rate - ---- - -- -~ ------ ------ - - - - - ~ -
50
~krb5
5
0
01 05 10 100 500 1024 2048
~) File Size (MB) Los Alamos NATIONA L LABO RATORY UNCLASSIFIED ____ [ST1941
Operated by Los Alamos National Security LLC for NNSA - ~~Vamp i
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
Changes in NFSv4 - _ -_
bull Native Support for Authentication Protocols
bull Kerberbs Integration Options
bull KRB5 = Authentication
bull KRB5i =Authentication amp Integ rity
bull KRB5p = Authentication Integ rity amp Encryption
bull Non-Unix Compatibility
bull Virtual Filesystem )Los Alamos NATIONAL LA BORATORY UNCLASSIFIED _______ T1 _______________________________________________________________________________________________________________________________________________________
Operated by Los Alamos National Security LLC for NNSA - bull J~~ V~~
Test Environment
Enterprise VLAN
Client
l DAP Kerberos
~ Los Alamos NATIONA L LA BO RATORY UNCLASSIFIED ____ EST 194 3
Operated by Los Alamos National Security LLC for NNSA vasr4
Behaviour in a Clustered Environment
bull Network Address Translation
bull Addressless ticketing
bull Torque Job Scheduler
Los Alamos NATIONAL LAB ORATORY UNCLASSIFIED ---_ EST 191
Operated by Los Alamos National Security LLC for NNSA
Performance Test
bull Levels of Security
bull Large vs Small Files
bull SCP vs Bare NFSv4 vs Kerberized NFSv4
over Gigabit Ethernet
~
LoS Alamos NATIONA L LABORAT O RY UNCLASSIFIED _______ EST) ~~~~______________________________________________________________________________________________________________________________~~~~~~~~
Operated by Los Alamos National Security LLC for NNSA
45 krb5i
- 40 tn-- krb5p
OJ 35 E ~bare nfs
---Q) 30
co 25 ~ I-
~ 20
tn s 15 co l-I-- 10
Average File Transfer Rate - ---- - -- -~ ------ ------ - - - - - ~ -
50
~krb5
5
0
01 05 10 100 500 1024 2048
~) File Size (MB) Los Alamos NATIONA L LABO RATORY UNCLASSIFIED ____ [ST1941
Operated by Los Alamos National Security LLC for NNSA - ~~Vamp i
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
Test Environment
Enterprise VLAN
Client
l DAP Kerberos
~ Los Alamos NATIONA L LA BO RATORY UNCLASSIFIED ____ EST 194 3
Operated by Los Alamos National Security LLC for NNSA vasr4
Behaviour in a Clustered Environment
bull Network Address Translation
bull Addressless ticketing
bull Torque Job Scheduler
Los Alamos NATIONAL LAB ORATORY UNCLASSIFIED ---_ EST 191
Operated by Los Alamos National Security LLC for NNSA
Performance Test
bull Levels of Security
bull Large vs Small Files
bull SCP vs Bare NFSv4 vs Kerberized NFSv4
over Gigabit Ethernet
~
LoS Alamos NATIONA L LABORAT O RY UNCLASSIFIED _______ EST) ~~~~______________________________________________________________________________________________________________________________~~~~~~~~
Operated by Los Alamos National Security LLC for NNSA
45 krb5i
- 40 tn-- krb5p
OJ 35 E ~bare nfs
---Q) 30
co 25 ~ I-
~ 20
tn s 15 co l-I-- 10
Average File Transfer Rate - ---- - -- -~ ------ ------ - - - - - ~ -
50
~krb5
5
0
01 05 10 100 500 1024 2048
~) File Size (MB) Los Alamos NATIONA L LABO RATORY UNCLASSIFIED ____ [ST1941
Operated by Los Alamos National Security LLC for NNSA - ~~Vamp i
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
Behaviour in a Clustered Environment
bull Network Address Translation
bull Addressless ticketing
bull Torque Job Scheduler
Los Alamos NATIONAL LAB ORATORY UNCLASSIFIED ---_ EST 191
Operated by Los Alamos National Security LLC for NNSA
Performance Test
bull Levels of Security
bull Large vs Small Files
bull SCP vs Bare NFSv4 vs Kerberized NFSv4
over Gigabit Ethernet
~
LoS Alamos NATIONA L LABORAT O RY UNCLASSIFIED _______ EST) ~~~~______________________________________________________________________________________________________________________________~~~~~~~~
Operated by Los Alamos National Security LLC for NNSA
45 krb5i
- 40 tn-- krb5p
OJ 35 E ~bare nfs
---Q) 30
co 25 ~ I-
~ 20
tn s 15 co l-I-- 10
Average File Transfer Rate - ---- - -- -~ ------ ------ - - - - - ~ -
50
~krb5
5
0
01 05 10 100 500 1024 2048
~) File Size (MB) Los Alamos NATIONA L LABO RATORY UNCLASSIFIED ____ [ST1941
Operated by Los Alamos National Security LLC for NNSA - ~~Vamp i
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
Performance Test
bull Levels of Security
bull Large vs Small Files
bull SCP vs Bare NFSv4 vs Kerberized NFSv4
over Gigabit Ethernet
~
LoS Alamos NATIONA L LABORAT O RY UNCLASSIFIED _______ EST) ~~~~______________________________________________________________________________________________________________________________~~~~~~~~
Operated by Los Alamos National Security LLC for NNSA
45 krb5i
- 40 tn-- krb5p
OJ 35 E ~bare nfs
---Q) 30
co 25 ~ I-
~ 20
tn s 15 co l-I-- 10
Average File Transfer Rate - ---- - -- -~ ------ ------ - - - - - ~ -
50
~krb5
5
0
01 05 10 100 500 1024 2048
~) File Size (MB) Los Alamos NATIONA L LABO RATORY UNCLASSIFIED ____ [ST1941
Operated by Los Alamos National Security LLC for NNSA - ~~Vamp i
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
45 krb5i
- 40 tn-- krb5p
OJ 35 E ~bare nfs
---Q) 30
co 25 ~ I-
~ 20
tn s 15 co l-I-- 10
Average File Transfer Rate - ---- - -- -~ ------ ------ - - - - - ~ -
50
~krb5
5
0
01 05 10 100 500 1024 2048
~) File Size (MB) Los Alamos NATIONA L LABO RATORY UNCLASSIFIED ____ [ST1941
Operated by Los Alamos National Security LLC for NNSA - ~~Vamp i
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
bull bull
Average ime to Copy 10000 5-kB Files -- -- - - - - -
004000
-tn -c co 003000 (J (I) UJ UJ (I) ~ 002000
c-E-5(I)
001000
I-
0) 000000
-Los Alamos NAT I ONA L lABO RATORY UNCLASSIFIED ____ fST 19CJ
Operated by Los Alamos National Security LLC for NNSA ~~~ VA~
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
Average Time to Copy 20 SOO-MB Files
- ~ 1424 00
c 0 u (1) enbull bull en (1) 093600 l c-E ---(1)E 0448 00 -~
000000
Los Alamos NATIONAL LAB OR ATORY UNCLASSIFIED ____ poundsT 1943
Operated by Los Alamos National Secunty LLC for NNSA bullWrfarJtfi VAf~
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
CPU Utilization by Protocol ----- _- - -- - ---
60
o little I big I little big I little I big I little big I little big
krb5 krb5i krb5p scp bare nfs los Alamos
UNCLASSIFIEDNATIONA L LABORATORY ___ ES T 19J
Operated by Los Alamos National Security LLC for NNSA
I I I 1 ~e l ~~~~JgB I I ~ a () 30 rl -1--i-t--+---+-J- J1 ft
20
1 0 -+-1---f-----
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
Summary
Kerberized NFSv4 in an HPC Cluster
bull Motivation
Advantages amp Disadvantages of Kerberos
bull Changes in NFSv4
bull Behaviour
bull Performance
~ Los Alamos NATIO NA L LA BORATO RY UNCLASSIFIED - ___ nT194)
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA
Questions
Answers HE-CVL~S CpoundlBERVlIoT
AD middot~Vf[fOS PElTRAXIT
~ Los Alamos NATIO N AL LAB O RATO RY UNCLASSIFIED ____ fS T 19l
Operated by Los Alamos National Security LLC for NNSA