Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Checklist of Security Settings That Can Be Tightened with Windows HPC Server 2008 R2

Updated: October 7, 2010

Applies To: Windows HPC Server 2008 R2

The following checklist outlines the main configuration aspects of Windows HPC Server 2008 R2 that are described in this document (Security in Windows HPC Server 2008 R2), provides recommendations for tightening the security for those aspects, and lists references for more information. To help maximize the security for your HPC cluster, review the recommendations and references that apply to your installation.

When implementing security for your installation, also be sure to follow security basics such as restricting physical access to your servers and networks, and using strong passwords. For information about such security basics and about applying software updates (which can help strengthen the security of a server), see "Additional references," later in this topic.


  Configuration aspect and recommendation Reference
Check box

Network topology: When creating the network design and connecting the physical networks for the cluster, use network topology 1 or 3.

If your cluster will run Message Passing Interface (MPI) jobs, also review "Considerations for an HPC cluster that will run MPI jobs" in Understanding Security Considerations for Network Topologies in Windows HPC Server 2008 R2.

Check box

SQL Server database security measures: Review the security options in SQL Server 2008 and choose appropriate options for the databases for your HPC cluster.

Check box

Pre-Boot Execution Environment (PXE) for compute nodes: Whenever you have new compute nodes that have just been booted from PXE, review the list of offline nodes carefully, to ensure that you bring online only the nodes you intentionally created.

(If you are using PXE, also review the other recommendations in Understanding Security Considerations for the PXE Boot Process in Windows HPC Server 2008 R2.)

Check box

Node templates for compute nodes that are deployed from bare metal: When you create a new compute node template in Windows HPC Server 2008 R2 for compute nodes that will be added to your cluster from bare metal, specify the setting that limits local administrative access to compute nodes.

Check box

HPC cluster users and administrators: Arrange for the creation of two custom groups in Active Directory Domain Services (AD DS), one group for HPC cluster users and one for HPC cluster administrators. Assign these groups to the appropriate roles in your HPC cluster, and remove default groups such as Domain Users from HPC cluster users, and Domain Admins from HPC cluster administrators.

Also, as with any server technology, limit the number of people you designate as administrators in an HPC cluster.

Check box

File and folder permissions for important files: Track and protect the computers and folders where files that are important to your HPC cluster are stored.

Check box

Job records and the associated encrypted passwords: Review the length of time that job records (and the encrypted passwords associated with them) are stored in your cluster, and evaluate whether to make that time shorter.

As with any server technology, it is also important to avoid tightening the security settings in ways that may interfere with server function. In this document, the following topics describe specific settings that must be configured appropriately to allow an HPC cluster to function:

Additional references

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft. All rights reserved.