Requirements for Windows Azure Nodes in Windows HPC Server 2008 R2

To deploy Windows Azure worker nodes or virtual machine (VM) nodes on your HPC cluster, you must update Microsoft® HPC Pack 2008 R2 on your cluster with the appropriate service pack, according to the following table.

For installation instructions and release notes for HPC Pack 2008 R2 service packs, see Getting Started with Windows HPC Server 2008 R2.

The head node computer where Windows HPC Server 2008 R2 is installed must be fully configured (that is, all the steps required in the Deployment To-do List have been completed). Your HPC cluster can be configured in any cluster network topology (1-5) that is supported by Windows HPC Server 2008 R2. The head node must be able to connect over the Internet to Windows Azure services. In most cases, this Internet connectivity is provided by the connection of the head node to the enterprise network. You might need to contact your network administrator to configure this connectivity.

For more information about the cluster network topologies that are supported by Windows HPC Server 2008 R2, see Appendix 1: HPC Cluster Networking in the Windows HPC Server 2008 R2 Design and Deployment Guide.

If a network firewall is running on your enterprise network, the firewall must allow communication from your head node to Windows Azure on the ports listed in one of the following tables. The necessary firewall ports that must be open will differ, depending on the version of Windows HPC Server 2008 R2 that is installed. You might need to contact your network administrator to open the necessary firewall ports.

You can verify that the necessary firewall ports are open by running the Windows Azure Firewall Ports Test, which is a diagnostic test installed in Windows HPC Server 2008 R2 with SP2 or later. This test verifies general communication from the head node to Windows Azure through any existing internal and external firewalls. For more information, see Running Diagnostic Tests.

Important

If your enterprise network uses a proxy server or network firewall device that manages Internet traffic, you may need to perform additional configuration steps on the head node, or on your proxy server or network firewall device, to allow the Windows HPC Server 2008 R2 services to communicate with Windows Azure. This is necessary only in some cluster and network environments. For more information, see Step 3: Advanced Firewall and Proxy Client Configuration (Optional) later in this guide.

Ports that are required in Windows HPC Server 2008 R2 with SP3 or later

---

 

Protocol	Direction	Port	Purpose
TCP	Outbound	443	HTTPS Node deployment Communication with Windows Azure storage Communication with REST management APIs Non-HTTPS TCP traffic Service-oriented architecture (SOA) services File staging Job scheduling
TCP	Outbound	3389	RDP Remote desktop connections to the nodes

Ports that are required in Windows HPC Server 2008 R2 with SP1 or SP2

---

 

Protocol	Direction	Port	Purpose
TCP	Outbound	80	HTTP Node deployment
TCP	Outbound	443	HTTPS Node deployment Communication with Windows Azure storage Communication with REST management APIs
TCP	Outbound	3389	RDP Remote desktop connections to the nodes
TCP	Outbound	5901	Service-oriented architecture (SOA) services SOA broker
TCP	Outbound	5902	SOA services SOA proxy control
TCP	Outbound	7998	File staging
TCP	Outbound	7999	Job scheduling

Registry setting to revert to earlier firewall port configuration from Windows HPC Server 2008 R2 with SP3 or later

---

If your cluster is running Windows HPC Server 2008 R2 with SP3 or later, you can configure the head node to communicate with Windows Azure using the network firewall ports that are required for Windows HPC Server 2008 R2 with SP1 or SP2 instead of the default port 443. To change the required ports, you configure a registry setting under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HPC. Configure the DWORD named UseSp2AzurePorts, and set data greater than zero. After configuring this registry setting, you must restart the head node to restart the HPC services. You must also ensure that any internal or external firewall ports are configured properly, and redeploy any Windows Azure nodes that were deployed using the port settings that were previously configured.

Caution
Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

You must obtain a Windows Azure subscription account or have an existing Windows Azure subscription in which you can configure hosted services, storage accounts, and, if you are creating VM nodes, VHD images for your HPC cluster. For an overview of the information that you will need from your subscription to deploy Windows Azure nodes, see Checklist of Windows Azure Subscription Information for Windows HPC Server later in this guide.

• To create a Windows Azure subscription, go to the Windows Azure Account page.
  
  
• To access an existing subscription, go to the Windows Azure Management Portal.
  
  

Note

To create or access a Windows Azure subscription, you must sign in by using a Windows Live ID and password. To deploy Windows Azure VM nodes in Windows HPC Server 2008 R2 with SP2 or later, your subscription must be enabled for the VM role feature, which is currently a beta release. Similarly, to use Windows Azure Connect in Windows HPC Server 2008 R2 with SP2 or later, your subscription must be enabled for Windows Azure Connect, which is currently a CTP release. To apply for participation in these programs, sign in to the Management Portal, click Home, and then click Beta Programs. Acceptance in either program might take several days.

To enable Windows HPC Server 2008 R2 to authenticate properly with the Windows Azure subscription to deploy nodes and perform other tasks, the subscription must be configured with a management certificate. The management certificate must be a valid, public key X.509 certificate with a key size of at least 2048 bits. You must also import the certificate, with an associated private key, into certificate stores on the head node and on any client computer that is used to manage the HPC cluster and that needs a connection to Windows Azure.

If you do not already have a management certificate configured in your Windows Azure subscription, you have the following options to obtain one:

• Obtain a certificate from a public or enterprise certification authority.
  
  
• Generate a self-signed X.509 certificate – for example, by using the makecert tool that is part of the Windows SDK, or by using IIS Manager. For more information, see “Creating an X.509 certificate” in How to Create a Certificate for a Role.
  
  
• Use the Default Microsoft HPC Azure Management certificate that is generated automatically on the head node when HPC Pack 2008 R2 SP1 or later is installed. This certificate is self-signed and unique to your installation of HPC Pack 2008 R2 on the head node. This certificate is intended for testing purposes and proof-of-concept deployments.
  
  

For more information and detailed procedures to configure the management certificate, see Step 1: Configure the Management Certificate for Windows Azure later in this guide.

If you will be adding Windows Azure VM nodes and need to create a customized server operating system image (as a virtual hard disk, or VHD) to deploy the nodes, there are additional hardware and software requirements. For more information see the requirements listed Step 4: Create a VHD for VM Nodes later in this guide.

• The subscription for Windows Azure will be charged for the time that the Windows Azure nodes are available, as well as for the compute and storage services that are used. For more information, review the terms of the subscription for Windows Azure. For general information about Windows Azure pricing, see Pricing Overview.
  
  
• Each time that you start a set of Windows Azure nodes, two additional proxy role instances (size Small) are configured in Windows Azure to facilitate communication between the head node and the Windows Azure nodes. The proxy role instances are not listed in HPC Cluster Manager after the nodes are provisioned. However, the instances appear in the Windows Azure Management Portal. The proxy role instances incur charges in Windows Azure along with the Windows Azure node instances.
  
  
• If your cluster is updated with HPC Pack 2008 R2 SP2 or later and you are planning a large-scale Windows Azure deployment (more than 200 cores), you can set a registry key on the head node to improve the performance of diagnostic tests and clusrun operations on the Windows Azure nodes, and of the hpcfile utility.
  
  To do this, add a new DWORD value called FileStagingMaxConcurrentCalls in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HPC. We recommend that you configure a value that is between 50% and 100% of the number of Windows Azure nodes that you plan to deploy. To complete the configuration, after you set the FileStagingMaxConcurrentCalls value, you must stop and then restart the HPC Job Scheduler Service.
  
  

  Caution
  Incorrectly editing the registry may severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.