Getting Started
Assumption
To ensure that Secure HPC can protect your sensitive data, we start by trusting two key systems:
- The HPC System’s Image Server: We assume that the image server, which is part of the HPC system, is secure. It is located in a highly secure area of the HPC system, protected by multiple layers of security, and is only accessible by a few essential services and administrators. This secure location helps us trust that the image server is safe from unauthorized access.
- The User’s Personal System (Secure Client): We also assume that your personal system, such as a laptop or workstation, is secure. This is crucial because your data begins its journey on your local system before being sent to Secure HPC.
It is important to understand that the secure client should be highly trusted by you. If your local system is not secure, your data could be compromised before it even reaches the secure workflow of Secure HPC. This is why we emphasize the term secure clientβit signifies that your local system must be safeguarded with utmost care to ensure the overall security of your data.
These assumptions are essential because they ensure that the entire process, from start to finish, is secure. Trust in the system comes from knowing that both the initial and final stages of the process are protected.
Requirements
Minimum Hardware Requirements
- Processor: 4-core CPU (Intel/AMD)
- Memory: 8 GB RAM
- Storage: 100 GB available disk space
- Network: Internet connection
Software Dependencies
The supported operating systems are Linux based OS. Most software dependencies are available by default on Linux-based operating systems. However, some additional software needs to be installed:
- Git: Version control system for managing code. For installation instructions, visit the Git installation guide.
- Apptainer (formerly Singularity): Container platform for running applications in isolated environments. For installation instructions, visit the Apptainer installation guide.
User Requirements
Access to HPC System: Access to the HPC system is required. If you don’t have an account, please refer to our documentation on getting an account.
Initial experience with job Submission with Slurm: Users should be familiar with job submission processes and using the Slurm workload manager. Please refer to our Slurm documentation for more details.
Access to our HashiCorp Vault server: this requirement is fulfilled when you already got in touch with us and we provided you with a token. The token has to be placed in a specific directory named
secret. You can test it by running the following commands in the terminal:export VAULT_ADDR='https://kms.hpc.gwdg.de' vault login <token>If the token is valid, Vault will return a success message. If not, an error message will be displayed.
Installation Guide
Step-by-Step Instructions for Installing Secure HPC:
Clone the Secure HPC Git Repository: Open a terminal and run the following command:
git clone https://gitlab-ce.gwdg.de/gwdg/hpc-usage-examples.git cd hpc-usage-examples/secure-hpcRequest Access:
- HPC System Access: Ensure you have an account and the necessary permissions to access the HPC system.
- Vault Access: Request access to the Vault (Key Management System) for managing encryption keys.
Install Required Software:
Install Git:
Copy code sudo apt-get install gitInstall Singularity/Apptainer: Follow the instructions from the Singularity/Apptainer website for your specific Linux distribution.
GPG is available by default on every Linux based OS
Configure Secure HPC:
Generate GPG Key Pair:
Copy code gpg --full-generate-keyFollow the prompts to create your key pair.
Upload Public Key to Vault: Use the instructions provided by your HPC administrator to upload your public key to the Vault.
Configuration Settings:
- Encryption Configuration: Configure LUKS containers and Singularity/Apptainer containers as per the Secure HPC guidelines.
- Vault Configuration: Ensure the Vault is properly configured for key management. Follow the instructions provided by your HPC administrator.
…