HPC/Application licenses: Difference between revisions
(39 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
Licenses for several high-profile commercial applications are hosted on servers within the Carbon HPC cluster. | Licenses for several high-profile commercial applications are hosted on servers within the Carbon HPC cluster. | ||
Applications consuming these licenses can run | Applications consuming these licenses can run as follows: | ||
# On a machine outside the HPC cluster, | # On a machine outside the HPC cluster, | ||
# Interactively on Carbon's '''login nodes''', either in a [[HPC/VNC|virtual desktop (VNC)]], or displaying on your own X11 display. | # Interactively on Carbon's '''login nodes''', either in a [[HPC/VNC|virtual desktop (VNC)]], or displaying on your own X11 display. | ||
# Non-interactively (as a batch job) on Carbon's '''compute node'''. | # Non-interactively (as a batch job) on Carbon's '''compute node'''. | ||
Read below about running on non-HPC computers (case 1). | |||
<!-- The current page describes network requirements for running on non-HPC computers (case 1). --> | |||
To run on HPC-internal computers (cases 2 and 3), no network considerations arise for license access, though they do for remote graphics. | |||
== Eligible remote computers == | == Eligible remote computers == | ||
For | For help with ''installing'' or ''running'' commercially licensed applications, the target computer must meet ''all'' of the following requirements: | ||
* be Argonne-owned, | * be Argonne-owned, | ||
* have the application | * have the application already installed, or hold a download of the application's online or offline installer, | ||
* be able to reach the Carbon license servers (components of the Carbon HPC cluster) over the network by short host name. | * be able or eligible to reach the Carbon license servers (components of the Carbon HPC cluster) over the network by short host name. | ||
: | : For this, at least one of the computer's networking connection must be: | ||
:* ''wired'', in building 440/441 at Argonne, or | :* ''wired'', in building 440/441 at Argonne, or | ||
:* the ''Argonne-auth'' WiFi network in the same building, or | :* the ''Argonne-auth'' WiFi network in the same building, or | ||
:* a VPN connection that has been opened by the user account of a '''CNM staff''' member, which includes regular employees, postdocs, and students, since only such an HR status will place the user in the correct firewall perimeter, | :* a VPN connection that has been opened by the user account of a '''CNM staff''' member, which includes regular employees, postdocs, and students, since only such an HR status will place the user in the correct firewall perimeter, | ||
: | : Alternatively, the computer must: | ||
:* have an SSH connection open to {{sshgw}} that has been configured to forward (tunnel) Carbon's license server network | :* have an SSH connection open to {{sshgw}} that has been configured to forward (tunnel) the appropriate network ports of one of Carbon's license servers. | ||
== Configure client applications to access the license servers == | |||
=== Option 1: Single license server === | |||
If your computer primarily uses SSH tunneling to connect to CNM: | |||
* Ensure that tunneling to <code>clicense1</code> is ''configured'' and is ''active'' | |||
* Enter as license server: | |||
localhost | |||
Redundant license servers, described below, cannot be easily leveraged over ssh, | |||
because typically the same default port numbers are used on all license servers, | |||
and that cannot be tunneled simultaneously on the same port. | |||
=== Option 2: Redundant license servers === | |||
You can configure your application so that it can automatically select, | |||
under certain conditions (given below), | |||
the license server from 1 of 3 servers that we run at CNM. | |||
This improves license availability because when one of the servers is down, such as for maintenance, | |||
one of the other 2 can step in to serve the license. | |||
This selection requires full-fledged network connectivity for the computer where you wish to run the licensed application on. It must: | |||
:* be ''located physically at CNM'', '''and''' | |||
:* be on an active ''wired'' or ''Argonne-auth WiFi'' network connection, | |||
* '''or''' | |||
:* has ''VPN active'', '''and''' | |||
:* you are an ''NST staff member'' (only then is your computer "virtually" at NST/CNM). | |||
To use the 3-server redundant license servers, | |||
enter the following ''short host names'' (having no domain part) | |||
into the license configuration dialog of an application or in its configuration files: | |||
clicense1 | |||
clicense2 | |||
clicense3 | |||
For port numbers, see application-specific documentation. | |||
== Host name resolution == | |||
Verify that from the target computer the license server IP addresses can be looked up (resolved) from their short host names: | |||
<source lang="bash"> | |||
nslookup clicense1 | |||
</source> | |||
To this end, the target computer's network profile settings must include the following '''DNS domains:''' | |||
* <code>cnm.anl.gov</code> | * <code>cnm.anl.gov</code> | ||
* <code>nst.anl.gov</code> | * <code>nst.anl.gov</code> | ||
One or both of these domains must usually be explicitly added (once) to the appropriate VPN or networking configuration, unless ssh tunneling is used. | |||
== Eligible user and administrator accounts == | == Eligible user and administrator accounts == | ||
For ''installing'' a licensed application on a non-HPC computer, the active user account must: | For ''installing'' a licensed application on a non-HPC computer, the active user account must: | ||
* have the ability to install applications on the target computer ( | * have the ability to install applications on the target computer (be or become local administrator). | ||
For ''running'' some installers, and for all applications, the active user account must: | For ''running'' some installers, and for all applications, the active user account must: | ||
* belong to a Service Desk member, or an end user who is an Argonne employee | * belong to a Service Desk member, or to an end user who is an '''Argonne employee''', and | ||
* have been authorized to access the application license. | * have been authorized to access the application license. | ||
If not already done, | If not already done, request license access for the specific ''account name'' and ''application name'', and await confirmation. | ||
The user accounts for running installers vs. applications need not be the same. | ; Notes: | ||
<!-- CNM Facility Users who are external to Argonne are not typically eligible. --> | |||
The user accounts for running installers vs. applications need not be the same. – Some installers require and verify license access before proceeding. | |||
Access requests are made under the user account running the installer, | Access requests are made under the user account running the installer, | ||
so administrator accounts must be authorized by account name in the same manner as regular user accounts. | so administrator accounts must be authorized by account name in the same manner as regular user accounts. | ||
== Available license tokens == | == Available license tokens == | ||
A license must be available to run the application, and | A license must be available (not be in use) to run the application, and, where applicable, to run the installer. | ||
== Troubleshooting == | == Troubleshooting == | ||
When a license error occurs, one or more of the above requirements may not be met. | |||
Review the following: | Review the following: | ||
* Carefully read the '''error message'''. This is the first and best step to narrow down potential causes of a failure to obtain a license. | * Carefully read the '''error message'''. This is the first and best step to narrow down potential causes of a failure to obtain a license. | ||
* Is the target computer | * Is the target computer in a suitable '''network location''' and '''connection state'''? | ||
* Is the application configured with '''short host names''' for the license servers? | * Is the application configured with '''short host names''' for the license servers? | ||
* Does the configuration of the active network profile include the correct '''DNS search domains'''? | * Does the configuration of the active network profile include the correct '''DNS search domains'''? | ||
* Has license access been granted | * Has license access been granted to the active '''user account'''? | ||
* Is failure to obtain a license token '''persistent''', i.e., have you retried at a later time? | * Is failure to obtain a license token '''persistent''', i.e., have you retried at a later time? | ||
== Applications == | |||
Find applications-specific details at: | |||
* [[HPC/Applications/comsol]] <!-- Downloads at https://anl.box.com/s/zi8ksvr1e7192m2p7kar --> | |||
* [[HPC/Applications/lumerical]] |
Latest revision as of 17:45, November 5, 2021
Introduction
Licenses for several high-profile commercial applications are hosted on servers within the Carbon HPC cluster. Applications consuming these licenses can run as follows:
- On a machine outside the HPC cluster,
- Interactively on Carbon's login nodes, either in a virtual desktop (VNC), or displaying on your own X11 display.
- Non-interactively (as a batch job) on Carbon's compute node.
Read below about running on non-HPC computers (case 1).
To run on HPC-internal computers (cases 2 and 3), no network considerations arise for license access, though they do for remote graphics.
Eligible remote computers
For help with installing or running commercially licensed applications, the target computer must meet all of the following requirements:
- be Argonne-owned,
- have the application already installed, or hold a download of the application's online or offline installer,
- be able or eligible to reach the Carbon license servers (components of the Carbon HPC cluster) over the network by short host name.
- For this, at least one of the computer's networking connection must be:
- wired, in building 440/441 at Argonne, or
- the Argonne-auth WiFi network in the same building, or
- a VPN connection that has been opened by the user account of a CNM staff member, which includes regular employees, postdocs, and students, since only such an HR status will place the user in the correct firewall perimeter,
- Alternatively, the computer must:
- have an SSH connection open to
mega
that has been configured to forward (tunnel) the appropriate network ports of one of Carbon's license servers.
- have an SSH connection open to
Configure client applications to access the license servers
Option 1: Single license server
If your computer primarily uses SSH tunneling to connect to CNM:
- Ensure that tunneling to
clicense1
is configured and is active - Enter as license server:
localhost
Redundant license servers, described below, cannot be easily leveraged over ssh, because typically the same default port numbers are used on all license servers, and that cannot be tunneled simultaneously on the same port.
Option 2: Redundant license servers
You can configure your application so that it can automatically select, under certain conditions (given below), the license server from 1 of 3 servers that we run at CNM. This improves license availability because when one of the servers is down, such as for maintenance, one of the other 2 can step in to serve the license.
This selection requires full-fledged network connectivity for the computer where you wish to run the licensed application on. It must:
- be located physically at CNM, and
- be on an active wired or Argonne-auth WiFi network connection,
- or
- has VPN active, and
- you are an NST staff member (only then is your computer "virtually" at NST/CNM).
To use the 3-server redundant license servers, enter the following short host names (having no domain part) into the license configuration dialog of an application or in its configuration files:
clicense1 clicense2 clicense3
For port numbers, see application-specific documentation.
Host name resolution
Verify that from the target computer the license server IP addresses can be looked up (resolved) from their short host names:
nslookup clicense1
To this end, the target computer's network profile settings must include the following DNS domains:
cnm.anl.gov
nst.anl.gov
One or both of these domains must usually be explicitly added (once) to the appropriate VPN or networking configuration, unless ssh tunneling is used.
Eligible user and administrator accounts
For installing a licensed application on a non-HPC computer, the active user account must:
- have the ability to install applications on the target computer (be or become local administrator).
For running some installers, and for all applications, the active user account must:
- belong to a Service Desk member, or to an end user who is an Argonne employee, and
- have been authorized to access the application license.
If not already done, request license access for the specific account name and application name, and await confirmation.
- Notes
The user accounts for running installers vs. applications need not be the same. – Some installers require and verify license access before proceeding. Access requests are made under the user account running the installer, so administrator accounts must be authorized by account name in the same manner as regular user accounts.
Available license tokens
A license must be available (not be in use) to run the application, and, where applicable, to run the installer.
Troubleshooting
When a license error occurs, one or more of the above requirements may not be met.
Review the following:
- Carefully read the error message. This is the first and best step to narrow down potential causes of a failure to obtain a license.
- Is the target computer in a suitable network location and connection state?
- Is the application configured with short host names for the license servers?
- Does the configuration of the active network profile include the correct DNS search domains?
- Has license access been granted to the active user account?
- Is failure to obtain a license token persistent, i.e., have you retried at a later time?
Applications
Find applications-specific details at: