Keeping It All Safe: LLNL HPC Security Architecture

Transcript

1. LLNL-PRES-846171
   This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE-
   AC52-07NA27344. Lawrence Livermore National Security, LLC
   Keeping It All Safe: LLNL HPC Security Architecture
   Session: HPC Architecture and Security Posture
   Ian Lee
   HPC Security Architect
   2023-03-15
   

   View Slide

2. 2
   LLNL-PRES-846171
   HPC
   Collaboration
   Zone
   Internet
   LLNL Enterprise
   Resticted Zone
   Open Compute Facility (OCF) HPC Zones
   

   View Slide

3. 3
   LLNL-PRES-846171
   Elastic Deployment – Concept
   Cluster
   Node Node Node Node Node Node
   

   View Slide

4. 4
   LLNL-PRES-846171
   Elastic Deployment – OCF Hardware
   ~ 112TB NVMe (total)
   ~ 2PB HDD (total)
   90x 16TB HDD JBOD
   45x HDD
   ~ 512TB
   45x HDD
   ~ 512TB
   Myelin5
   32GB / 8 core
   data_warm
   Myelin4
   32GB / 8 core
   data_warm
   Myelin3
   32GB / 8 core
   Master, data_hot, data_ingest
   ~ 27 TB
   NVMe
   16-32GB / 8-12 core
   Myelin2
   ~ 27TB
   NVMe
   32GB / 8 core
   Master, data_hot, data_ingest 4-8GB / 2 core
   Myelin1 (mgmt)
   Myelin
   90x 16TB HDD JBOD
   45x HDD
   ~ 512TB
   45x HDD
   ~ 512TB
   Axon5
   32GB / 8 core
   data_warm
   Axon4
   32GB / 8 core
   data_warm
   Axon3
   32GB / 8 core
   Master, data_hot, data_ingest
   ~ 27 TB
   NVMe
   16-32GB / 8-12 core
   Axon2
   ~ 27TB
   NVMe
   32GB / 8 core
   Master, data_hot, data_ingest 4-8GB / 2 core
   32GB / 8 core
   Master, data_hot, data_ingest
   Axon1 (mgmt)
   Axon
   Centrebrain3
   (Monitoring “cluster”)
   16GB / 8 core
   4GB / 2 core
   Centrebrain2
   (Dedicated Master Node)
   8GB / 8 core
   Master, voting_only
   Centrebrain1 (mgmt)
   Centrebrain
   F5
   

   View Slide

5. 5
   LLNL-PRES-846171
   Security Dashboards – Operational and Compliance
   

   View Slide

6. 6
   LLNL-PRES-846171
   Continuous Monitoring
   § LC HPC is the gold standard for
   continuous monitoring at LLNL
   § Aligns with federal trends towards
   continuous monitoring
   § Reduce burden of manual processes on
   sys admins, shifting those efforts
   to automation and alerting
   — Let SysAdmins focus on the
   engineering work
   

   View Slide

7. 7
   LLNL-PRES-846171
   Continuous Monitoring – Auth Failures
   

   View Slide

8. 8
   LLNL-PRES-846171
   Continuous Monitoring – GitLab
   

   View Slide

9. Disclaimer
   This document was prepared as an account of work sponsored by an agency of the United States government. Neither the United
   States government nor Lawrence Livermore National Security, LLC, nor any of their employees makes any warranty, expressed or
   implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus,
   product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific
   commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or
   imply its endorsement, recommendation, or favoring by the United States government or Lawrence Livermore National Security, LLC.
   The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or
   Lawrence Livermore National Security, LLC, and shall not be used for advertising or product endorsement purposes.
   Thank you!
   Looking forward to the discussion coming up.
   [email protected]
   @IanLee1521
   

   View Slide