
Re: [Condor-users] Condor in a secure academic environment



> Security:
> 
> The main issue is security of client machines and enterprise data that clients
> have access to.
> 
> We have thousands of managed, locked down Windows machines on Active Directory.
> 
> How secure is the data and access on these machines (especially confidential &
> enterprise data) by both the daemons and users? 

you should be able to use your AD infrastructure to secure all your network
communications and authenticate users who are submitting jobs.  all connections
can easily be authenticated, encrypted, and integrity checked.

the problem i foresee will be when you have active jobs running on execute
machines, you will need to be very careful that the input and output files
for a given job are not world-readable.  and of course, anyone with admin
access will be able to read the data of a job running on a given machine.


> Would a virtual machine be required to run Linux, or would it be usable if jobs
> were ported to Windows?

either option is viable.


> Availability policy:
> 
> I'm aware of suspend & preempt if node not idle; are there further policy
> options, such as:
> 
> - only run after business hours
> 
> - only run when owner of machine is logged off

these are easily done.  the START expression can encode these requirements.


> - network bandwidth throttling (for buildings with slow network connections)

there are a number of throttling options in condor to limit number of running
jobs and various other things, such as number of concurrent file transfers
to/from submit and execute nodes.  there's no throttle specific to network
bandwidth, but there are other ways of limiting things which may be sufficient.


cheers,
-zach
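
An HTCondor configuration fragment for the settings discussed in the reply above, as an added example that is not part of the original message. It assumes Kerberos/NTSSPI authentication against the AD domain, business hours of 08:00-18:00 Monday to Friday, a 15-minute keyboard-idle threshold as a stand-in for "owner logged off", and illustrative throttle values; the macro names AfterHours and ConsoleUnused are made up for this example.

```conf
# Added example; hours, thresholds and limits below are assumed values.

# --- Network security: authenticate, encrypt and integrity-check every connection ---
SEC_DEFAULT_AUTHENTICATION         = REQUIRED
# KERBEROS uses AD-issued tickets; NTSSPI is available on Windows only
SEC_DEFAULT_AUTHENTICATION_METHODS = KERBEROS, NTSSPI
SEC_DEFAULT_ENCRYPTION             = REQUIRED
SEC_DEFAULT_INTEGRITY              = REQUIRED

# --- Availability policy on execute machines ---
# ClockMin = minutes since midnight, ClockDay = 0 (Sunday) .. 6 (Saturday)
# AfterHours and ConsoleUnused are hypothetical macro names defined here.
AfterHours    = ( (ClockDay == 0) || (ClockDay == 6) || \
                  (ClockMin < 8*60) || (ClockMin >= 18*60) )
# KeyboardIdle = seconds since the last keyboard/mouse activity; there is no
# direct "logged off" attribute, so console idleness approximates it.
ConsoleUnused = ( KeyboardIdle > 15*60 )

# START only gates new jobs ...
START   = $(AfterHours) && $(ConsoleUnused)
# ... so evict running jobs when either condition stops holding.
PREEMPT = ( $(AfterHours) == False ) || ( $(ConsoleUnused) == False )

# --- Throttles on the submit machine (no direct bandwidth limit exists) ---
MAX_JOBS_RUNNING         = 200
MAX_CONCURRENT_UPLOADS   = 2
MAX_CONCURRENT_DOWNLOADS = 2
```

These settings cover network traffic and scheduling only; they do not change the permissions on a job's input and output files on the execute machine.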