On Thu, 2017-10-26 at 18:51 -0400, Dj Merrill wrote:
> On 10/26/2017 6:40 PM, Christopher Heiny wrote:
> > The IT
> > department didn't want the workers on private network, so all the
> nodes
> > are on the same subnet. According to InfoSec, that means we need
> > firewalls.
>
>
> The firewalls
As Hugh mentioned Univa GridEngine has the port_range option and it works for
both builtin and sshd configuration.
Regards,
Bill.
(notice: I work for Univa)
> On Oct 26, 2017, at 5:43 PM, MacMullan IV, Hugh
> wrote:
>
> You can turn on system firewalls, and allow all inbound port TCP traf
You can turn on system firewalls, and allow all inbound port TCP traffic from
all cluster nodes, only. And then open ssh ports to on-site, or some other
restricted set of subnets. Perhaps that will satisfy your InfoSec team.
If you use Univa GridEngine, you can specify the ‘port_range’ option fo
On Thu, 2017-10-26 at 23:49 +0200, Reuti wrote:
> Hi,
>
> Am 26.10.2017 um 23:31 schrieb Christopher Heiny:
>
> >
> > Hi folks,
> >
> > We're using OGS 2011.11p1. qrsh has been configured to use ssh for
> > connections. This worked fine when we were running with no
> > firewall,
> > but the I
Hi,
Am 26.10.2017 um 23:31 schrieb Christopher Heiny:
> Hi folks,
>
> We're using OGS 2011.11p1. qrsh has been configured to use ssh for
> connections. This worked fine when we were running with no firewall,
> but the InfoSec team recently specified that all unused ports must be
> firewalled (
Hi folks,
We're using OGS 2011.11p1. qrsh has been configured to use ssh for
connections. This worked fine when we were running with no firewall,
but the InfoSec team recently specified that all unused ports must be
firewalled (actually, a rather sensible thing to do).
Unfortunately, it looks l
