HPC/Application licenses: Difference between revisions

From CNM Wiki
< HPC
Jump to navigation Jump to search
 
(8 intermediate revisions by the same user not shown)
Line 10: Line 10:


To run on HPC-internal computers (cases 2 and 3), no network considerations arise for license access, though they do for remote graphics.
To run on HPC-internal computers (cases 2 and 3), no network considerations arise for license access, though they do for remote graphics.
== License servers ==
* If a user's computer is located physically at CNM or connected over VPN:
: Enter the following ''short host names'' (having no domain part) into the license configuration dialog of an application or in its configuration files:
clicense1
clicense2
clicense3
* If the computer uses SSH tunneling:
** Ensure that tunneling to <code>clicense1</code> is ''configured'' and is ''active''
** Enter <code>localhost</code> as license server.
: Server redundancy cannot be leveraged over ssh since, typically, the same default port numbers are used on all license servers, which cannot be tunneled simultaneously.
For port numbers, see application-specific documentation.


== Eligible remote computers ==
== Eligible remote computers ==
Line 35: Line 22:
: Alternatively, the computer must:
: Alternatively, the computer must:
:* have an SSH connection open to {{sshgw}} that has been configured to forward (tunnel) the appropriate  network ports of one of Carbon's license servers.
:* have an SSH connection open to {{sshgw}} that has been configured to forward (tunnel) the appropriate  network ports of one of Carbon's license servers.
== Configure client applications to access the license servers ==
=== Option 1: Single license server ===
If your computer primarily uses SSH tunneling to connect to CNM:
* Ensure that tunneling to <code>clicense1</code> is ''configured'' and is ''active''
* Enter as license server:
localhost
Redundant license servers, described below, cannot be easily leveraged over ssh,
because typically the same default port numbers are used on all license servers,
and that cannot be tunneled simultaneously on the same port.
=== Option 2: Redundant license servers ===
You can configure your application so that it can automatically select,
under certain conditions (given below),
the license server from 1 of 3 servers that we run at CNM.
This improves license availability because when one of the servers is down, such as for maintenance,
one of the other 2 can step in to serve the license.
This selection requires full-fledged network connectivity for the computer where you wish to run the licensed application on. It must:
:* be ''located physically at CNM'', '''and'''
:* be on an active ''wired'' or ''Argonne-auth WiFi'' network connection,
* '''or'''
:* has ''VPN active'', '''and'''
:* you are an ''NST staff member'' (only then is your computer "virtually" at NST/CNM).
To use the 3-server redundant license servers,
enter the following ''short host names'' (having no domain part)
into the license configuration dialog of an application or in its configuration files:
clicense1
clicense2
clicense3
For port numbers, see application-specific documentation.


== Host name resolution ==
== Host name resolution ==
Verify that from the target computer the license server IP addresses can be looked up (resolved) from their short host names.
Verify that from the target computer the license server IP addresses can be looked up (resolved) from their short host names:
 
<source lang="bash">
The target computer's network profile settings must include the following '''DNS domains:'''
nslookup clicense1
</source>
To this end, the target computer's network profile settings must include the following '''DNS domains:'''
* <code>cnm.anl.gov</code>
* <code>cnm.anl.gov</code>
* <code>nst.anl.gov</code>
* <code>nst.anl.gov</code>
For connection types other than SSH, one or both domains must be explicitly added (once) to the appropriate VPN or networking configuration.
One or both of these domains must usually be explicitly added (once) to the appropriate VPN or networking configuration, unless ssh tunneling is used.


== Eligible user and administrator accounts ==
== Eligible user and administrator accounts ==

Latest revision as of 17:45, November 5, 2021

Introduction

Licenses for several high-profile commercial applications are hosted on servers within the Carbon HPC cluster. Applications consuming these licenses can run as follows:

  1. On a machine outside the HPC cluster,
  2. Interactively on Carbon's login nodes, either in a virtual desktop (VNC), or displaying on your own X11 display.
  3. Non-interactively (as a batch job) on Carbon's compute node.

Read below about running on non-HPC computers (case 1).

To run on HPC-internal computers (cases 2 and 3), no network considerations arise for license access, though they do for remote graphics.

Eligible remote computers

For help with installing or running commercially licensed applications, the target computer must meet all of the following requirements:

  • be Argonne-owned,
  • have the application already installed, or hold a download of the application's online or offline installer,
  • be able or eligible to reach the Carbon license servers (components of the Carbon HPC cluster) over the network by short host name.
For this, at least one of the computer's networking connection must be:
  • wired, in building 440/441 at Argonne, or
  • the Argonne-auth WiFi network in the same building, or
  • a VPN connection that has been opened by the user account of a CNM staff member, which includes regular employees, postdocs, and students, since only such an HR status will place the user in the correct firewall perimeter,
Alternatively, the computer must:
  • have an SSH connection open to mega that has been configured to forward (tunnel) the appropriate network ports of one of Carbon's license servers.

Configure client applications to access the license servers

Option 1: Single license server

If your computer primarily uses SSH tunneling to connect to CNM:

  • Ensure that tunneling to clicense1 is configured and is active
  • Enter as license server:
localhost

Redundant license servers, described below, cannot be easily leveraged over ssh, because typically the same default port numbers are used on all license servers, and that cannot be tunneled simultaneously on the same port.

Option 2: Redundant license servers

You can configure your application so that it can automatically select, under certain conditions (given below), the license server from 1 of 3 servers that we run at CNM. This improves license availability because when one of the servers is down, such as for maintenance, one of the other 2 can step in to serve the license.

This selection requires full-fledged network connectivity for the computer where you wish to run the licensed application on. It must:

  • be located physically at CNM, and
  • be on an active wired or Argonne-auth WiFi network connection,
  • or
  • has VPN active, and
  • you are an NST staff member (only then is your computer "virtually" at NST/CNM).

To use the 3-server redundant license servers, enter the following short host names (having no domain part) into the license configuration dialog of an application or in its configuration files:

clicense1
clicense2
clicense3

For port numbers, see application-specific documentation.

Host name resolution

Verify that from the target computer the license server IP addresses can be looked up (resolved) from their short host names:

nslookup clicense1

To this end, the target computer's network profile settings must include the following DNS domains:

  • cnm.anl.gov
  • nst.anl.gov

One or both of these domains must usually be explicitly added (once) to the appropriate VPN or networking configuration, unless ssh tunneling is used.

Eligible user and administrator accounts

For installing a licensed application on a non-HPC computer, the active user account must:

  • have the ability to install applications on the target computer (be or become local administrator).

For running some installers, and for all applications, the active user account must:

  • belong to a Service Desk member, or to an end user who is an Argonne employee, and
  • have been authorized to access the application license.

If not already done, request license access for the specific account name and application name, and await confirmation.

Notes

The user accounts for running installers vs. applications need not be the same. – Some installers require and verify license access before proceeding. Access requests are made under the user account running the installer, so administrator accounts must be authorized by account name in the same manner as regular user accounts.

Available license tokens

A license must be available (not be in use) to run the application, and, where applicable, to run the installer.

Troubleshooting

When a license error occurs, one or more of the above requirements may not be met.

Review the following:

  • Carefully read the error message. This is the first and best step to narrow down potential causes of a failure to obtain a license.
  • Is the target computer in a suitable network location and connection state?
  • Is the application configured with short host names for the license servers?
  • Does the configuration of the active network profile include the correct DNS search domains?
  • Has license access been granted to the active user account?
  • Is failure to obtain a license token persistent, i.e., have you retried at a later time?

Applications

Find applications-specific details at: