This topic describes the security group rules on which Elastic High Performance Computing (E-HPC) depends, security group rules on which WorkBench depends, and how to manage security group rules.
Security group rules depended upon by E-HPC
E-HPC relies on various network ports and services to provide its core capabilities. The following table lists the key security group rules that you must configure based on your business requirements.
| Service | Port/Protocol | Description | Security recommendation |
| --- | --- | --- | --- |
| SSH | 22/TCP | Allows users to remotely access E-HPC instances over the SSH protocol. | Allow access only from specific IP addresses or CIDR blocks. |
| NFS | | Supports online file systems for data sharing. | Limit access sources to internal networks or trusted external networks. |
| HPC scheduler (Slurm) | 6817-6819/TCP | Used for cluster management and job scheduling. | Ensure that these ports are open only to nodes in the cluster. |
| HPC scheduler (PBS) | | Used for communication with PBS servers and for managing job queues. | Ensure that these ports are open only within the cluster. |
| Monitoring and logging (such as Prometheus and Fluentd) | | Used for collecting and analyzing system performance data. | Allow only monitoring servers to access these ports. |
| Web Portal | 12011/TCP | Serves as the web portal for daily job management, including job submission, job query, and data management. | Ensure that the security group to which the cluster belongs allows inbound access on this port. |
Security group rules depended upon by WorkBench
Workbench is a remote connection tool provided by Alibaba Cloud that allows you to connect to Elastic Compute Service (ECS) instances from a browser without installing additional software. For more information, see Security group settings related to Workbench.
The following table lists the security group rules.
| Service | Port/Protocol | Description | Security recommendation |
| --- | --- | --- | --- |
| RDP (Windows) | 3389 | A remote desktop protocol for remote access to and control of Windows systems. | Allow only users who require remote access permissions, and regularly review these permissions to confirm they are still necessary. |
| Jupyter Notebook | 8888/TCP | Used for interactive data analysis and visualization. | Allow access only from specific IP addresses or CIDR blocks. |
| VS Code Server | 3000/TCP | Used for remote code editing and development. | Allow only internal access or access from trusted external networks. |
| Git | 22/TCP | Used for versioning and code repository management. | Ensure that this port is open only to authorized users to protect code security. |
| Docker | 2375/TCP, 2376/TCP | Used for containerized application management and deployment. | Allow only internal access to prevent security risks. |
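As an added example, not part of this document or of the E-HPC product, the following Python check audits a security group's ingress rules against the port recommendations in the two tables above: any listed port reachable from 0.0.0.0/0 is reported, and cluster-internal ports (Slurm, Docker) are reported when their source lies outside the cluster network. The rule records are constructed and shaped like the `Permissions` list of the ECS `DescribeSecurityGroupAttribute` API; the field names and the cluster CIDR are assumptions of this example.

```python
import ipaddress

# Ports from the two tables above and the narrowest source each row recommends:
# "trusted" = specific IP addresses/CIDR blocks, "internal" = only the cluster's own network.
SENSITIVE_PORTS = {22: ("SSH / Git", "trusted"), 3389: ("RDP", "trusted"),
                   12011: ("E-HPC web portal", "trusted"), 8888: ("Jupyter Notebook", "trusted"),
                   3000: ("VS Code Server", "trusted"), 2375: ("Docker", "internal"),
                   2376: ("Docker", "internal"), **{p: ("Slurm", "internal") for p in range(6817, 6820)}}


def parse_port_range(port_range):
    """ECS writes TCP/UDP ranges as 'low/high' (e.g. '22/22'); '-1/-1' means every port."""
    low, high = (int(x) for x in port_range.split("/"))
    return (1, 65535) if low == -1 else (low, high)


def audit_ingress(permissions, cluster_cidr):
    """One finding per accepting ingress rule that exposes a sensitive port more widely than recommended."""
    cluster = ipaddress.ip_network(cluster_cidr)
    findings = []
    for rule in permissions:
        if rule.get("Direction") != "ingress" or rule.get("Policy") != "Accept":
            continue
        if rule.get("IpProtocol", "").lower() not in ("tcp", "all") or not rule.get("SourceCidrIp"):
            continue  # UDP/ICMP rules and rules sourced from another security group are out of scope here
        src = ipaddress.ip_network(rule["SourceCidrIp"], strict=False)
        low, high = parse_port_range(rule["PortRange"])
        for port, (service, scope) in SENSITIVE_PORTS.items():
            if not low <= port <= high:
                continue
            if src.prefixlen == 0:
                findings.append(f"{service} ({port}) open to {src}; restrict to {scope} sources")
            elif scope == "internal" and not (src.version == cluster.version and src.subnet_of(cluster)):
                findings.append(f"{service} ({port}) reachable from {src}, outside cluster network {cluster}")
    return findings


# Constructed sample rules, shaped like the Permissions list returned by DescribeSecurityGroupAttribute
# (field names are an assumption of this example).
SAMPLE_RULES = [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP", "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP", "PortRange": "6817/6819", "SourceCidrIp": "192.168.0.0/24"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP", "PortRange": "2375/2376", "SourceCidrIp": "10.0.0.0/8"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP", "PortRange": "12011/12011", "SourceCidrIp": "203.0.113.10/32"},
    {"Direction": "egress", "Policy": "Accept", "IpProtocol": "ALL", "PortRange": "-1/-1", "DestCidrIp": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_RULES, "192.168.0.0/16"):
        print(finding)
```

With the sample rules and a cluster network of 192.168.0.0/16, the check reports the world-open SSH rule and the Docker ports reachable from 10.0.0.0/8, while the Slurm rule scoped to a cluster subnet and the portal rule pinned to one address pass.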
Reference
For more information about adding, modifying, querying, deleting, importing, and exporting security group rules, see Manage security group rules.