Keeping It All Safe: LLNL HPC Security Architecture

Ian Lee
March 15, 2023

With the increasing complexity of systems, and the infrastructure our users demand in order to get their jobs done, the challenges of securing our HPC systems have steadily increased. Various compliance frameworks can help, but they are not the be-all and end-all of security. There is more that must be done to shed light on our environments, to actually monitor what is going on, and to gain insight into what should be going on. This talk will give a high-level overview of the focus of the Security Operations team at Livermore Computing, and the work we are doing to tackle these problems.

Transcript

  1. LLNL-PRES-846171
    This work was performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE-AC52-07NA27344. Lawrence Livermore National Security, LLC
    Keeping It All Safe: LLNL HPC Security Architecture
    Session: HPC Architecture and Security Posture
    Ian Lee
    HPC Security Architect
    2023-03-15


  2. Open Compute Facility (OCF) HPC Zones
    [Diagram labels: HPC, Collaboration Zone, Internet, LLNL Enterprise, Restricted Zone]

  3. Elastic Deployment – Concept
    [Diagram labels: Cluster; Node (x6)]

  4. Elastic Deployment – OCF Hardware
    ~ 112TB NVMe (total)
    ~ 2PB HDD (total)
    90x 16TB HDD JBOD
    45x HDD
    ~ 512TB
    45x HDD
    ~ 512TB
    Myelin5
    32GB / 8 core
    data_warm
    Myelin4
    32GB / 8 core
    data_warm
    Myelin3
    32GB / 8 core
    Master, data_hot, data_ingest
    ~ 27 TB
    NVMe
    16-32GB / 8-12 core
    Myelin2
    ~ 27TB
    NVMe
    32GB / 8 core
    Master, data_hot, data_ingest 4-8GB / 2 core
    Myelin1 (mgmt)
    Myelin
    90x 16TB HDD JBOD
    45x HDD
    ~ 512TB
    45x HDD
    ~ 512TB
    Axon5
    32GB / 8 core
    data_warm
    Axon4
    32GB / 8 core
    data_warm
    Axon3
    32GB / 8 core
    Master, data_hot, data_ingest
    ~ 27 TB
    NVMe
    16-32GB / 8-12 core
    Axon2
    ~ 27TB
    NVMe
    32GB / 8 core
    Master, data_hot, data_ingest 4-8GB / 2 core
    32GB / 8 core
    Master, data_hot, data_ingest
    Axon1 (mgmt)
    Axon
    Centrebrain3
    (Monitoring “cluster”)
    16GB / 8 core
    4GB / 2 core
    Centrebrain2
    (Dedicated Master Node)
    8GB / 8 core
    Master, voting_only
    Centrebrain1 (mgmt)
    Centrebrain
    F5


  5. Security Dashboards – Operational and Compliance

  6. Continuous Monitoring
    - LC HPC is the gold standard for continuous monitoring at LLNL
    - Aligns with federal trends towards continuous monitoring
    - Reduce burden of manual processes on sys admins, shifting those efforts to automation and alerting
      - Let SysAdmins focus on the engineering work

  7. Continuous Monitoring – Auth Failures

  8. Continuous Monitoring – GitLab

  9. Disclaimer
    This document was prepared as an account of work sponsored by an agency of the United States government. Neither the United
    States government nor Lawrence Livermore National Security, LLC, nor any of their employees makes any warranty, expressed or
    implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus,
    product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific
    commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or
    imply its endorsement, recommendation, or favoring by the United States government or Lawrence Livermore National Security, LLC.
    The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or
    Lawrence Livermore National Security, LLC, and shall not be used for advertising or product endorsement purposes.
    Thank you!
    Looking forward to the discussion coming up.
    [email protected]
    @IanLee1521
