User manual

2 Network Administration
Security Considerations

The distributed computing products do not provide any security measures. Therefore, you should be aware of the following security considerations:

MATLAB workers run as whatever user the administrator starts the node’s mdce service under. By default, the mdce service starts as root on UNIX and as LocalSystem on Windows. Because MATLAB provides system calls, users can submit jobs that execute shell commands.

The mdce service does not enforce any access control or authentication. Anyone with local or remote access to the mdce services can start and stop their workers and job managers, and query for their status.

The job manager does not restrict access to the cluster, nor to job and task data. Using a third-party scheduler instead of the MathWorks job manager could allow you to take advantage of the security measures it provides.

The distributed computing processes must all be on the same side of a firewall, or you must take measures to enable them to communicate with each other through the firewall. Workers running tasks of the same parallel job cannot be firewalled off from each other, because their MPI-based communication will not work.

If certain ports are restricted, you can specify the ports used for distributed computing. See “Defining the Script Defaults” on page 2-10.

If your network supports multicast, the distributed computing processes accommodate multicast. However, because multicast is disabled on many networks for security reasons, you might require unicast communication between distributed computing processes. Most examples of MDCE scripts and Distributed Computing Toolbox functions in the documentation show unicast usage.

If your organization is a member of the Internet Multicast Backbone (MBone), you need to ensure that your distributed computing cluster is isolated from MBone access if you are using multicast for distributed computing. This is generally the default condition. If you have any questions about MBone membership, contact your network administrator.
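
An audit check for the first consideration above (the mdce service starting as root on UNIX), written as an added example that is not part of the MathWorks documentation. It assumes MDCE processes can be recognised by "mdce" in their command line; the function names and the sample process listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: list MDCE-related processes that run as root, so a node
# where submitted jobs would execute shell commands as root can be spotted.
# Assumption: MDCE processes have "mdce" somewhere in their command line.

# Reads lines of "USER PID ARGS..." on stdin (the layout produced by
# `ps -eo user=,pid=,args=`) and prints "PID USER ARGS" for every matching
# process owned by root (by name or by numeric uid 0).
mdce_root_procs() {
    awk '
        {
            user = $1; pid = $2
            # Rebuild the command line from the remaining fields.
            args = ""
            for (i = 3; i <= NF; i++) args = args (i > 3 ? " " : "") $i
            if (tolower(args) ~ /mdce/ && (user == "root" || user == "0"))
                print pid, user, args
        }
    '
}

# Constructed sample input (not captured from a real system).
sample_ps() {
    cat <<'EOF'
root      1412 /opt/matlab/toolbox/distcomp/bin/mdce start
root      1450 /opt/matlab/example/mdce-worker-placeholder --name w1
mdceuser  2210 /opt/matlab/toolbox/distcomp/bin/mdce start
alice     3001 vim notes-on-mdce.txt
root      3300 /usr/sbin/sshd -D
EOF
}

# Runs the check over the constructed listing.
# On a live node: ps -eo user=,pid=,args= | mdce_root_procs
audit_sample() {
    sample_ps | mdce_root_procs
}
```

Matching on the command line is a heuristic: a root shell that merely mentions mdce in its arguments is also listed, so review each hit before acting on it.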