Computational Cluster Programs

Security Policy on ATS-Hosted Clusters

Who may Apply for a Login Id on an ATS-Hosted Cluster

Any current UCLA student, faculty or staff member with a valid UCLA Logon Id may apply for access to the Hoffman series of clusters (e.g., Hoffman, Hoffman2).

Those who are also affiliated with a research group may apply for access to that group's own cluster, if any. Cluster access is not authorized for people not affiliated with UCLA, except by request of the cluster owner.

To access to the UCLA Grid Portal you must: a) have a login-id on a cluster which is participating in the UCLA Grid or b) be a current UCLA student, faculty or staff member with a valid UCLA Logon Id. UCLA Grid Portal access is not authorized for those not in these categories.

Safeguard your UCLA Grid Portal Username and Password

If you use the UCLA Grid Portal to access a cluster at UCLA, keep your UCLA Grid Portal Username and password safe and do not allow anyone else to access the UCLA Grid Portal using your Username.

Safeguard your Cluster Login Id and Password

If you login to a Cluster head node directly, you will have a Cluster login id and password. Cluster login ids are single user login ids only. For security, do not let anyone else know or use your login id and password. If ATS suspects that a login id is being used by more than one person, ATS will suspend access to the login id until the matter has been resolved.

Safeguard your Login id/Password on other Systems that you use while using an ATS-hosted cluster

Because the cluster head nodes of ATS-hosted clusters are NOT behind fire walls, although ATS makes every attempt to ensure the security of the systems it hosts, there is no guarantee that they cannot be compromised by a malicious attacker. For your own security and the security of other computing equipment that you use, do NOT ssh to or scp to other machines from an ATS-hosted cluster. In the rare instance that the cluster is compromized, entering passwords or other authentication information for other machines may cause those machines to be compromised as well.

Your Local (Desktop) Machine MUST be in Compliance with UCLA Policy 401

UCLA Policy 401 specifies the minimum security standards for all electronic devices connected to the UCLA Campus Network, either directly connected, connected via UCLA dialup or UCLA Virtual Private Network (VPN). Make sure you meet these minimum standards.

Accessing the Cluster Head Node

You must use the Secure Shell Protocol (SSH) version 2 to access a cluster head node. You can use the ssh, scp, and sftp commands and local GUI interfaces, on Window's machines, for example, that are based on SSH version 2. Unless specified specifically on the cluster's web site, compute nodes, including interactive nodes, on a cluster can only be accessed from the head node.

Do not leave your local machine unatteded while you are logged in from there to the cluster. If you think that your login id/password has been compromised, please change your password immediately and contact atshpc@ucla.edu. The ATS consultants will reply during normal business hours.