Platform LSF Administration Guide Version 6.2

ManualsBrandsHP ManualsSoftwareHP XC System 3.x Software

191

192

193

194

195

196

197

198

199

200

Floating Client Licenses

Administering Platform LSF

194

Configuring security for LSF floating client licenses

Read this section to learn how to configure security against the issues presented in

“Security issues with floating client licenses” on page 193.

To resolve these security issues, the LSF administrator can limit which client hosts

submit requests in the cluster by adding a domain or a range of domains in

lsf.cluster.cluster_name with the parameter

FLOAT_CLIENTS_ADDR_RANGE.

FLOAT_CLIENTS_ADDR_RANGE parameter

This optional parameter specifies an IP address or range of addresses of domains from

which floating client hosts can submit requests. Multiple ranges can be defined,

separated by spaces. The IP addresses must be specified in dotted quad notation

(nnn.nnn.nnn.nnn).

If the value of this parameter is undefined, there is no security and any host can be an

LSF floating client.

If a value is defined, security is enabled. When this parameter is defined, client hosts that

do not belong to the domain will be denied access. However, if there is an error in the

configuration of this variable, by default, no host will be allowed to be an LSF floating

client.

If a requesting host belongs to an IP address that falls in the specified range, the host

will be accepted to become an LSF floating client.

Address ranges are validated at configuration time so they must conform to the required

format. If any address range is not in the correct format, no host will be accepted as an

LSF floating client and a error message will be logged in the LIM log.

Conventions

◆

IP addresses are separated by spaces, and considered "OR" alternatives.

◆

The * character indicates any value is allowed.

◆

The - character indicates an explicit range of values. For example 1-4 indicates

1,2,3,4 are allowed.

◆

Open ranges such as *-30, or 10-*, are allowed.

◆

If a range is specified with less fields than an IP address such as 10.161, it is

considered as 10.161.*.*.

◆

This parameter is limited to 255 characters.

Examples:

◆

FLOAT_CLIENTS_ADDR_RANGE=100

All client hosts with a domain address starting with 100 will be allowed access.

◆

FLOAT_CLIENTS_ADDR_RANGE=100-110.34.1-10.4-56

All client hosts belonging to a domain with an address having the first number

between 100 and 110, then 34, then a number between 1 and 10, then, a number

between 4 and 56 will be allowed access.

Example: 100.34.9.45, 100.34.1.4, 102.34.3.20, etc.