LSF Version 7.3 - Administering Platform LSF

ManualsBrandsHP ManualsSoftwareHP XC System 4.x Software

171

172

173

174

175

176

177

178

179

180

Administering Platform LSF 177

Platform LSF Licensing

FLOAT_CLIENTS= 25

End Parameters

...

The FLOAT_CLIENTS parameter sets the size of your license pool in the

cluster. When the master LIM starts up, the number of licenses specified in

FLOAT_CLIENTS (or fewer) can be checked out for use as floating client

licenses.

If the parameter FLOAT_CLIENTS is not specified in

lsf.cluster.cluster_name, or there is an error in either license.dat or in

lsf.cluster.cluster_name, the floating LSF client license feature is disabled.

5 Start the license server daemon.

See Start the license daemons on page 166.

6 To allow your changes to take effect, reconfigure the cluster with the

commands:

lsadmin reconfig

badmin mbdrestart

CAUTION: When the LSF floating client license feature is enabled, any host can submit jobs

to the cluster. You can limit which hosts can be LSF floating clients. See Security issues with

floating client licenses on page 177.

Security issues with floating client licenses

If you want to install or have installed floating client licenses, it is important that

you read this section to inform yourself of the security issues. There are measures

to compensate for these security issues (see Configuring security for LSF floating

client licenses on page 177).

With LSF client licenses, when you list client hosts in

lsf.cluster.cluster_name,

there is a level of security defined since you specify the exact hosts that will be used

by the LSF system. Host authentication is done in this way.

With LSF floating client licenses, you should be aware of the security issues:

◆ Hosts that are not specified in lsf.cluster.cluster_name can submit requests.

This means any host can submit requests.

◆ Remote machines make it easier for users to submit commands with a fake user

ID. As a result, if an authorized user uses the user ID

lsfadmin, the user will be

able to run commands that affect the entire cluster or shut it down and cause

problems in the LSF system.

Configuring security for LSF floating client licenses

Read this section to learn how to configure security against the issues presented in

Security issues with floating client licenses on page 177.

To resolve these security issues, the LSF administrator can limit which client hosts

submit requests in the cluster by adding a domain or a range of domains in

lsf.cluster.cluster_name with the parameter

FLOAT_CLIENTS_ADDR_RANGE.