HPC/Application licenses: Difference between revisions

From CNM Wiki
< HPC
Jump to navigation Jump to search
 
(66 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Introduction ==
== Introduction ==
Licenses for several high-profile commercial applications are hosted on servers within the Carbon HPC cluster.
Licenses for several high-profile commercial applications are hosted on servers within the Carbon HPC cluster.
Applications consuming these licenses can run at the following network locations:
Applications consuming these licenses can run as follows:
# As a standalone application on an '''external computer'''.
# On a machine outside the HPC cluster,
# Interactively on Carbon's '''login nodes''', either in a [[HPC/VNC|virtual desktop (VNC)]], or displaying on your own X11 display.
# Interactively on Carbon's '''login nodes''', either in a [[HPC/VNC|virtual desktop (VNC)]], or displaying on your own X11 display.
# Non-interactively (as a batch job) on Carbon's '''compute node'''.
# Non-interactively (as a batch job) on Carbon's '''compute node'''.
The current page describes network requirements for situation 1 only. The others require no networking considerations for license access, though they do for remote graphics.


== License servers ==
Read below about running on non-HPC computers (case 1).
Carbon's license servers are:
<!-- The current page describes network requirements for running on non-HPC computers (case 1). -->
 
To run on HPC-internal computers (cases 2 and 3), no network considerations arise for license access, though they do for remote graphics.
 
== Eligible remote computers ==
For help with ''installing'' or ''running'' commercially licensed applications, the target computer must meet ''all'' of the following requirements:
* be Argonne-owned,
* have the application already installed, or hold a download of the application's online or offline installer,
* be able or eligible to reach the Carbon license servers (components of the Carbon HPC cluster) over the network by short host name.
: For this, at least one of the computer's networking connection must be:
:* ''wired'', in building 440/441 at Argonne, or
:* the ''Argonne-auth'' WiFi network in the same building, or
:* a VPN connection that has been opened by the user account of a '''CNM staff''' member, which includes regular employees, postdocs, and students, since only such an HR status will place the user in the correct firewall perimeter,
: Alternatively, the computer must:
:* have an SSH connection open to {{sshgw}} that has been configured to forward (tunnel) the appropriate  network ports of one of Carbon's license servers.
 
== Configure client applications to access the license servers ==
=== Option 1: Single license server ===
If your computer primarily uses SSH tunneling to connect to CNM:
* Ensure that tunneling to <code>clicense1</code> is ''configured'' and is ''active''
* Enter as license server:
localhost
Redundant license servers, described below, cannot be easily leveraged over ssh,
because typically the same default port numbers are used on all license servers,
and that cannot be tunneled simultaneously on the same port.
 
=== Option 2: Redundant license servers ===
You can configure your application so that it can automatically select,
under certain conditions (given below),
the license server from 1 of 3 servers that we run at CNM.
This improves license availability because when one of the servers is down, such as for maintenance,
one of the other 2 can step in to serve the license.
 
This selection requires full-fledged network connectivity for the computer where you wish to run the licensed application on. It must:
:* be ''located physically at CNM'', '''and'''
:* be on an active ''wired'' or ''Argonne-auth WiFi'' network connection,
* '''or'''
:* has ''VPN active'', '''and'''
:* you are an ''NST staff member'' (only then is your computer "virtually" at NST/CNM).
 
To use the 3-server redundant license servers,
enter the following ''short host names'' (having no domain part)
into the license configuration dialog of an application or in its configuration files:
  clicense1
  clicense1
  clicense2
  clicense2
  clicense3
  clicense3
Enter these specific ''short host names'' (having no domain part) in application configuration dialogs or configuration files. Learn more below.


== Eligible remote computers ==
For port numbers, see application-specific documentation.
The target computer must meet '''all''' of the following requirements:
 
* be Argonne-owned,
== Host name resolution ==
* have the application pre-installed, or hold a download of the application's online or offline installer,
Verify that from the target computer the license server IP addresses can be looked up (resolved) from their short host names:
* be able to reach the Carbon license servers (components of the Carbon HPC cluster) over the network by short host name.
<source lang="bash">
: Thus, the computer must be networked on:
nslookup clicense1
:* a ''wired'' connection in building 440/441 at Argonne, or
</source>
:* the ''Argonne-auth'' WiFi network in the same building, or
To this end, the target computer's network profile settings must include the following '''DNS domains:'''
:* a VPN connection that has been opened by the user account of a '''CNM staff''' member, which includes regular employees, postdocs, and students, since only this HR status will place the user in the correct firewall perimeter,
* <code>cnm.anl.gov</code>
: or the computer must:
* <code>nst.anl.gov</code>
:* have an SSH connection open to {{sshgw}} that has been configured to forward ("tunnel)" Carbon's license server network ports.
One or both of these domains must usually be explicitly added (once) to the appropriate VPN or networking configuration, unless ssh tunneling is used.
 
== Eligible user and administrator accounts ==
For ''installing'' a licensed application on a non-HPC computer, the active user account must:
* have the ability to install applications on the target computer (be or become local administrator).
 
For ''running'' some installers, and for all applications, the active user account must:
* belong to a Service Desk member, or to an end user who is an '''Argonne employee''', and  
* have been authorized to access the application license.


To resolve the license servers' short host names, the target computer's network profile settings must include the DNS domains <code>cnm.anl.gov</code> and <code>nst.anl.gov</code>. That is automatic for SSH-tunnels over {{sshgw}}, but in all other cases the domains usually must be added explicitly in the computer's network configuration.
If not already done, request license access for the specific ''account name'' and ''application name'', and await confirmation.


== Eligible user accounts ==
; Notes:
For installing and running a licensed application on a non-HPC computer, the user account that is active to run the application, and sometimes even its installer, must:
<!-- CNM Facility Users who are external to Argonne are not typically eligible. -->
* belong to the end user (who must be an Argonne employee, not an external CNM Facility User), or an IT colleague, and
* have the ability to install applications on the target computer (already be local admin, as opposed to become local admin), and
* have been authorized to access the application license. If not already done, send the specific ''account name'' and ''application name'' requested to Dr. Sternberg, then await confirmation.


The user accounts used for installation vs. running an application need not and often are not the same.
The user accounts for running installers vs. applications need not be the same. – Some installers require and verify license access before proceeding.
Access requests are made under the user account running the installer,
so administrator accounts must be authorized by account name in the same manner as regular user accounts.


== Available license tokens ==
== Available license tokens ==
* A license must be available to run the application, and for some applications, even to run the installer.
A license must be available (not be in use) to run the application, and, where applicable, to run the installer.
 
== Troubleshooting ==
When a license error occurs, one or more of the above requirements may not be met.
 
Review the following:
 
* Carefully read the '''error message'''. This is the first and best step to narrow down potential causes of a failure to obtain a license.
* Is the target computer in a suitable '''network location''' and '''connection state'''?
* Is the application configured with '''short host names''' for the license servers?
* Does the configuration of the active network profile include the correct '''DNS search domains'''?
* Has license access been granted to the active '''user account'''?
* Is failure to obtain a license token '''persistent''', i.e., have you retried at a later time?


== Applications ==
== Applications ==

Latest revision as of 17:45, November 5, 2021

Introduction

Licenses for several high-profile commercial applications are hosted on servers within the Carbon HPC cluster. Applications consuming these licenses can run as follows:

  1. On a machine outside the HPC cluster,
  2. Interactively on Carbon's login nodes, either in a virtual desktop (VNC), or displaying on your own X11 display.
  3. Non-interactively (as a batch job) on Carbon's compute node.

Read below about running on non-HPC computers (case 1).

To run on HPC-internal computers (cases 2 and 3), no network considerations arise for license access, though they do for remote graphics.

Eligible remote computers

For help with installing or running commercially licensed applications, the target computer must meet all of the following requirements:

  • be Argonne-owned,
  • have the application already installed, or hold a download of the application's online or offline installer,
  • be able or eligible to reach the Carbon license servers (components of the Carbon HPC cluster) over the network by short host name.
For this, at least one of the computer's networking connection must be:
  • wired, in building 440/441 at Argonne, or
  • the Argonne-auth WiFi network in the same building, or
  • a VPN connection that has been opened by the user account of a CNM staff member, which includes regular employees, postdocs, and students, since only such an HR status will place the user in the correct firewall perimeter,
Alternatively, the computer must:
  • have an SSH connection open to mega that has been configured to forward (tunnel) the appropriate network ports of one of Carbon's license servers.

Configure client applications to access the license servers

Option 1: Single license server

If your computer primarily uses SSH tunneling to connect to CNM:

  • Ensure that tunneling to clicense1 is configured and is active
  • Enter as license server:
localhost

Redundant license servers, described below, cannot be easily leveraged over ssh, because typically the same default port numbers are used on all license servers, and that cannot be tunneled simultaneously on the same port.

Option 2: Redundant license servers

You can configure your application so that it can automatically select, under certain conditions (given below), the license server from 1 of 3 servers that we run at CNM. This improves license availability because when one of the servers is down, such as for maintenance, one of the other 2 can step in to serve the license.

This selection requires full-fledged network connectivity for the computer where you wish to run the licensed application on. It must:

  • be located physically at CNM, and
  • be on an active wired or Argonne-auth WiFi network connection,
  • or
  • has VPN active, and
  • you are an NST staff member (only then is your computer "virtually" at NST/CNM).

To use the 3-server redundant license servers, enter the following short host names (having no domain part) into the license configuration dialog of an application or in its configuration files:

clicense1
clicense2
clicense3

For port numbers, see application-specific documentation.

Host name resolution

Verify that from the target computer the license server IP addresses can be looked up (resolved) from their short host names:

nslookup clicense1

To this end, the target computer's network profile settings must include the following DNS domains:

  • cnm.anl.gov
  • nst.anl.gov

One or both of these domains must usually be explicitly added (once) to the appropriate VPN or networking configuration, unless ssh tunneling is used.

Eligible user and administrator accounts

For installing a licensed application on a non-HPC computer, the active user account must:

  • have the ability to install applications on the target computer (be or become local administrator).

For running some installers, and for all applications, the active user account must:

  • belong to a Service Desk member, or to an end user who is an Argonne employee, and
  • have been authorized to access the application license.

If not already done, request license access for the specific account name and application name, and await confirmation.

Notes

The user accounts for running installers vs. applications need not be the same. – Some installers require and verify license access before proceeding. Access requests are made under the user account running the installer, so administrator accounts must be authorized by account name in the same manner as regular user accounts.

Available license tokens

A license must be available (not be in use) to run the application, and, where applicable, to run the installer.

Troubleshooting

When a license error occurs, one or more of the above requirements may not be met.

Review the following:

  • Carefully read the error message. This is the first and best step to narrow down potential causes of a failure to obtain a license.
  • Is the target computer in a suitable network location and connection state?
  • Is the application configured with short host names for the license servers?
  • Does the configuration of the active network profile include the correct DNS search domains?
  • Has license access been granted to the active user account?
  • Is failure to obtain a license token persistent, i.e., have you retried at a later time?

Applications

Find applications-specific details at: