Keeping It All Safe: LLNL HPC Security Architecture

Transcript

1. LLNL-PRES-846171 This work was performed under the auspices of the

   U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE- AC52-07NA27344. Lawrence Livermore National Security, LLC Keeping It All Safe: LLNL HPC Security Architecture Session: HPC Architecture and Security Posture Ian Lee HPC Security Architect 2023-03-15

2. 2 LLNL-PRES-846171 HPC Collaboration Zone Internet LLNL Enterprise Resticted Zone

   Open Compute Facility (OCF) HPC Zones

3. 3 LLNL-PRES-846171 Elastic Deployment – Concept Cluster Node Node Node

   Node Node Node

4. 4 LLNL-PRES-846171 Elastic Deployment – OCF Hardware ~ 112TB NVMe

   (total) ~ 2PB HDD (total) 90x 16TB HDD JBOD 45x HDD ~ 512TB 45x HDD ~ 512TB Myelin5 32GB / 8 core data_warm Myelin4 32GB / 8 core data_warm Myelin3 32GB / 8 core Master, data_hot, data_ingest ~ 27 TB NVMe 16-32GB / 8-12 core Myelin2 ~ 27TB NVMe 32GB / 8 core Master, data_hot, data_ingest 4-8GB / 2 core Myelin1 (mgmt) Myelin 90x 16TB HDD JBOD 45x HDD ~ 512TB 45x HDD ~ 512TB Axon5 32GB / 8 core data_warm Axon4 32GB / 8 core data_warm Axon3 32GB / 8 core Master, data_hot, data_ingest ~ 27 TB NVMe 16-32GB / 8-12 core Axon2 ~ 27TB NVMe 32GB / 8 core Master, data_hot, data_ingest 4-8GB / 2 core 32GB / 8 core Master, data_hot, data_ingest Axon1 (mgmt) Axon Centrebrain3 (Monitoring “cluster”) 16GB / 8 core 4GB / 2 core Centrebrain2 (Dedicated Master Node) 8GB / 8 core Master, voting_only Centrebrain1 (mgmt) Centrebrain F5

5. 5 LLNL-PRES-846171 Security Dashboards – Operational and Compliance

6. 6 LLNL-PRES-846171 Continuous Monitoring § LC HPC is the gold

   standard for continuous monitoring at LLNL § Aligns with federal trends towards continuous monitoring § Reduce burden of manual processes on sys admins, shifting those efforts to automation and alerting — Let SysAdmins focus on the engineering work

7. 7 LLNL-PRES-846171 Continuous Monitoring – Auth Failures

8. 8 LLNL-PRES-846171 Continuous Monitoring – GitLab

9. Disclaimer This document was prepared as an account of work

   sponsored by an agency of the United States government. Neither the United States government nor Lawrence Livermore National Security, LLC, nor any of their employees makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States government or Lawrence Livermore National Security, LLC. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, LLC, and shall not be used for advertising or product endorsement purposes. Thank you! Looking forward to the discussion coming up. [email protected] @IanLee1521