HPC/Application licenses: Difference between revisions

From CNM Wiki
< HPC
Jump to navigation Jump to search
 
(52 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Introduction ==
== Introduction ==
Licenses for several high-profile commercial applications are hosted on servers within the Carbon HPC cluster.
Licenses for several high-profile commercial applications are hosted on servers within the Carbon HPC cluster.
Applications consuming these licenses can run in the following modes and network locations:
Applications consuming these licenses can run as follows:
# On a machine outside the HPC cluster,
# On a machine outside the HPC cluster,
# Interactively on Carbon's '''login nodes''', either in a [[HPC/VNC|virtual desktop (VNC)]], or displaying on your own X11 display.
# Interactively on Carbon's '''login nodes''', either in a [[HPC/VNC|virtual desktop (VNC)]], or displaying on your own X11 display.
# Non-interactively (as a batch job) on Carbon's '''compute node'''.
# Non-interactively (as a batch job) on Carbon's '''compute node'''.
The current page describes network requirements for situation 1 only. The others require no networking considerations for license access, though they do for remote graphics.


== License servers ==
Read below about running on non-HPC computers (case 1).
Carbon's license servers are:
<!-- The current page describes network requirements for running on non-HPC computers (case 1). -->
clicense1
 
clicense2
To run on HPC-internal computers (cases 2 and 3), no network considerations arise for license access, though they do for remote graphics.
clicense3
Enter these specific ''short host names'' (having no domain part) in licensing configuration dialogs or configuration files. Learn more below.


== Eligible remote computers ==
== Eligible remote computers ==
For both ''installing'' and for ''running'' licensed applications, the target computer must meet '''all''' of the following requirements:
For help with ''installing'' or ''running'' commercially licensed applications, the target computer must meet ''all'' of the following requirements:
* be Argonne-owned,
* be Argonne-owned,
* have the application pre-installed, or hold a download of the application's online or offline installer,
* have the application already installed, or hold a download of the application's online or offline installer,
* be able to reach the Carbon license servers (components of the Carbon HPC cluster) over the network by short host name.
* be able or eligible to reach the Carbon license servers (components of the Carbon HPC cluster) over the network by short host name.
: Thus, the computer's networking connections must be:
: For this, at least one of the computer's networking connection must be:
:* ''wired'', in building 440/441 at Argonne, or
:* ''wired'', in building 440/441 at Argonne, or
:* the ''Argonne-auth'' WiFi network in the same building, or
:* the ''Argonne-auth'' WiFi network in the same building, or
:* a VPN connection that has been opened by the user account of a '''CNM staff''' member, which includes regular employees, postdocs, and students, since only such an HR status will place the user in the correct firewall perimeter,
:* a VPN connection that has been opened by the user account of a '''CNM staff''' member, which includes regular employees, postdocs, and students, since only such an HR status will place the user in the correct firewall perimeter,
: or the computer must:
: Alternatively, the computer must:
:* have an SSH connection open to {{sshgw}} that has been configured to forward (tunnel) Carbon's license server network ports.
:* have an SSH connection open to {{sshgw}} that has been configured to forward (tunnel) the appropriate  network ports of one of Carbon's license servers.
 
== Configure client applications to access the license servers ==
=== Option 1: Single license server ===
If your computer primarily uses SSH tunneling to connect to CNM:
* Ensure that tunneling to <code>clicense1</code> is ''configured'' and is ''active''
* Enter as license server:
localhost
Redundant license servers, described below, cannot be easily leveraged over ssh,
because typically the same default port numbers are used on all license servers,
and that cannot be tunneled simultaneously on the same port.
 
=== Option 2: Redundant license servers ===
You can configure your application so that it can automatically select,
under certain conditions (given below),
the license server from 1 of 3 servers that we run at CNM.
This improves license availability because when one of the servers is down, such as for maintenance,
one of the other 2 can step in to serve the license.
 
This selection requires full-fledged network connectivity for the computer where you wish to run the licensed application on. It must:
:* be ''located physically at CNM'', '''and'''
:* be on an active ''wired'' or ''Argonne-auth WiFi'' network connection,
* '''or'''
:* has ''VPN active'', '''and'''
:* you are an ''NST staff member'' (only then is your computer "virtually" at NST/CNM).
 
To use the 3-server redundant license servers,
enter the following ''short host names'' (having no domain part)
into the license configuration dialog of an application or in its configuration files:
clicense1
clicense2
clicense3
 
For port numbers, see application-specific documentation.


To look up (resolve) the IP addresses of the license servers from their short host names, the target computer's network profile settings must include the following DNS domains:
== Host name resolution ==
Verify that from the target computer the license server IP addresses can be looked up (resolved) from their short host names:
<source lang="bash">
nslookup clicense1
</source>
To this end, the target computer's network profile settings must include the following '''DNS domains:'''
* <code>cnm.anl.gov</code>
* <code>cnm.anl.gov</code>
* <code>nst.anl.gov</code>
* <code>nst.anl.gov</code>
That is implicitly the case for SSH-tunneled connections, but for all other connection types the domains usually must be specifically added (once) in the computer's network configuration.
One or both of these domains must usually be explicitly added (once) to the appropriate VPN or networking configuration, unless ssh tunneling is used.


== Eligible user accounts ==
== Eligible user and administrator accounts ==
For ''installing'' a licensed application on a non-HPC computer, the active user account must:
For ''installing'' a licensed application on a non-HPC computer, the active user account must:
* have the ability to install applications on the target computer (already be local admin, as opposed to become local admin).
* have the ability to install applications on the target computer (be or become local administrator).
 
For ''running'' some installers, and for all applications, the active user account must:
* belong to a Service Desk member, or to an end user who is an '''Argonne employee''', and
* have been authorized to access the application license.


Further, to run the application, and for some applications even its installers, the active user account must:
If not already done, request license access for the specific ''account name'' and ''application name'', and await confirmation.
* belong to a Service Desk member or an end user who is an Argonne employee, as opposed to a CNM Facility User, and
* have been authorized to access the application license. If not already done, send the specific ''account name'' and ''application name'' requested to Dr. Sternberg, then await confirmation.


The user accounts used for installation vs. running an application need not and often are not the same, though some installers require and verify license access. This is done under the user account that runs the installer, meaning that administrator accounts must be authorized by name.
; Notes:
<!-- CNM Facility Users who are external to Argonne are not typically eligible. -->
 
The user accounts for running installers vs. applications need not be the same. – Some installers require and verify license access before proceeding.
Access requests are made under the user account running the installer,
so administrator accounts must be authorized by account name in the same manner as regular user accounts.


== Available license tokens ==
== Available license tokens ==
A license must be available to run the application, and for some applications, even to run the installer.
A license must be available (not be in use) to run the application, and, where applicable, to run the installer.
 
== Applications ==
Find applications-specific details at:
* [[HPC/Applications/comsol]] <!-- Downloads at https://anl.box.com/s/zi8ksvr1e7192m2p7kar -->
* [[HPC/Applications/lumerical]]


== Troubleshooting ==
== Troubleshooting ==
Failure to obtain a license may be attributable to any one of the items above.
When a license error occurs, one or more of the above requirements may not be met.


Review the following:
Review the following:


* Carefully read the '''error message'''. This is the first and best step to narrow down potential causes of a failure to obtain a license.
* Carefully read the '''error message'''. This is the first and best step to narrow down potential causes of a failure to obtain a license.
* Is the target computer's in a suitable '''network location''' and state?
* Is the target computer in a suitable '''network location''' and '''connection state'''?
* Is the application configured with '''short host names''' for the license servers?
* Is the application configured with '''short host names''' for the license servers?
* Does the configuration of the active network profile include the correct '''DNS search domains'''?
* Does the configuration of the active network profile include the correct '''DNS search domains'''?
* Has license access been granted for the active '''user account'''?
* Has license access been granted to the active '''user account'''?
* Is failure to obtain a license token '''persistent''', i.e., have you retried at a later time?
* Is failure to obtain a license token '''persistent''', i.e., have you retried at a later time?
== Applications ==
Find applications-specific details at:
* [[HPC/Applications/comsol]] <!-- Downloads at https://anl.box.com/s/zi8ksvr1e7192m2p7kar -->
* [[HPC/Applications/lumerical]]

Latest revision as of 17:45, November 5, 2021

Introduction

Licenses for several high-profile commercial applications are hosted on servers within the Carbon HPC cluster. Applications consuming these licenses can run as follows:

  1. On a machine outside the HPC cluster,
  2. Interactively on Carbon's login nodes, either in a virtual desktop (VNC), or displaying on your own X11 display.
  3. Non-interactively (as a batch job) on Carbon's compute node.

Read below about running on non-HPC computers (case 1).

To run on HPC-internal computers (cases 2 and 3), no network considerations arise for license access, though they do for remote graphics.

Eligible remote computers

For help with installing or running commercially licensed applications, the target computer must meet all of the following requirements:

  • be Argonne-owned,
  • have the application already installed, or hold a download of the application's online or offline installer,
  • be able or eligible to reach the Carbon license servers (components of the Carbon HPC cluster) over the network by short host name.
For this, at least one of the computer's networking connection must be:
  • wired, in building 440/441 at Argonne, or
  • the Argonne-auth WiFi network in the same building, or
  • a VPN connection that has been opened by the user account of a CNM staff member, which includes regular employees, postdocs, and students, since only such an HR status will place the user in the correct firewall perimeter,
Alternatively, the computer must:
  • have an SSH connection open to mega that has been configured to forward (tunnel) the appropriate network ports of one of Carbon's license servers.

Configure client applications to access the license servers

Option 1: Single license server

If your computer primarily uses SSH tunneling to connect to CNM:

  • Ensure that tunneling to clicense1 is configured and is active
  • Enter as license server:
localhost

Redundant license servers, described below, cannot be easily leveraged over ssh, because typically the same default port numbers are used on all license servers, and that cannot be tunneled simultaneously on the same port.

Option 2: Redundant license servers

You can configure your application so that it can automatically select, under certain conditions (given below), the license server from 1 of 3 servers that we run at CNM. This improves license availability because when one of the servers is down, such as for maintenance, one of the other 2 can step in to serve the license.

This selection requires full-fledged network connectivity for the computer where you wish to run the licensed application on. It must:

  • be located physically at CNM, and
  • be on an active wired or Argonne-auth WiFi network connection,
  • or
  • has VPN active, and
  • you are an NST staff member (only then is your computer "virtually" at NST/CNM).

To use the 3-server redundant license servers, enter the following short host names (having no domain part) into the license configuration dialog of an application or in its configuration files:

clicense1
clicense2
clicense3

For port numbers, see application-specific documentation.

Host name resolution

Verify that from the target computer the license server IP addresses can be looked up (resolved) from their short host names:

nslookup clicense1

To this end, the target computer's network profile settings must include the following DNS domains:

  • cnm.anl.gov
  • nst.anl.gov

One or both of these domains must usually be explicitly added (once) to the appropriate VPN or networking configuration, unless ssh tunneling is used.

Eligible user and administrator accounts

For installing a licensed application on a non-HPC computer, the active user account must:

  • have the ability to install applications on the target computer (be or become local administrator).

For running some installers, and for all applications, the active user account must:

  • belong to a Service Desk member, or to an end user who is an Argonne employee, and
  • have been authorized to access the application license.

If not already done, request license access for the specific account name and application name, and await confirmation.

Notes

The user accounts for running installers vs. applications need not be the same. – Some installers require and verify license access before proceeding. Access requests are made under the user account running the installer, so administrator accounts must be authorized by account name in the same manner as regular user accounts.

Available license tokens

A license must be available (not be in use) to run the application, and, where applicable, to run the installer.

Troubleshooting

When a license error occurs, one or more of the above requirements may not be met.

Review the following:

  • Carefully read the error message. This is the first and best step to narrow down potential causes of a failure to obtain a license.
  • Is the target computer in a suitable network location and connection state?
  • Is the application configured with short host names for the license servers?
  • Does the configuration of the active network profile include the correct DNS search domains?
  • Has license access been granted to the active user account?
  • Is failure to obtain a license token persistent, i.e., have you retried at a later time?

Applications

Find applications-specific details at: