As part of reviewing security for your HPC cluster, you may also need to review firewall exceptions and access for the client applications that you run in the cluster, so that the security measures you apply do not prevent those applications from running. The following considerations may be helpful when reviewing firewall exceptions and access:
By default, if an HPC cluster includes private and application networks, Windows Firewall is disabled on those networks and enabled on the enterprise network. This default provides the best performance and manageability experience. If you are using private and application networks, and intra-node security is important to you, isolate the private and application networks behind the head node. If you require access to the enterprise network from the private and application networks, enable network address translation (NAT) for them.
Even when Windows Firewall is turned on, Windows HPC Server 2008 R2 opens ports and application exceptions to enable internal services to run.
If your client applications require specific Windows Firewall exceptions, you must configure the specific exceptions that are needed.
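One way to review and configure the exceptions a client application needs on a node, as an added example that is not part of the original documentation. The application name, program path, port and subnet are constructed placeholders; the script uses only the built-in `netsh advfirewall` commands and runs in audit mode when called with `-AuditOnly`.

```powershell
param([switch]$AuditOnly)   # report missing exceptions without adding them

# Constructed sample: exceptions a hypothetical client application needs.
# Rule name, program path, port and subnet are placeholders.
$required = @(
    @{ Name     = 'ContosoSolver worker (TCP 5000)'
       Program  = 'C:\Apps\ContosoSolver\worker.exe'
       Protocol = 'TCP'
       Port     = '5000'
       RemoteIp = '10.0.0.0/24' }   # assumed private-network subnet
)

# Show whether Windows Firewall is on or off for each profile on this node.
& netsh advfirewall show allprofiles state

foreach ($r in $required) {
    # netsh exits non-zero when no rule with this name exists.
    & netsh advfirewall firewall show rule "name=$($r.Name)" | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Output "Present: $($r.Name)"
        continue
    }
    if ($AuditOnly) {
        Write-Output "Missing: $($r.Name)"
        continue
    }
    # Scope the exception to one program, one port and one source range
    # instead of opening the port to any remote address.
    & netsh advfirewall firewall add rule "name=$($r.Name)" dir=in action=allow `
        "program=$($r.Program)" "protocol=$($r.Protocol)" `
        "localport=$($r.Port)" "remoteip=$($r.RemoteIp)" enable=yes | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Output "Added: $($r.Name)"
    } else {
        Write-Warning "Failed to add: $($r.Name)"
    }
}
```

Run it from an elevated prompt on each node that hosts the application; adding rules requires administrative rights.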