Dr. Wolfgang De Salvador - EMEA GBB HPC/AI Infrastructure Senior Specialist
Dr. Darko Mocelj - EMEA GBB HPC/AI Infrastructure Senior Specialist
Resources and references used in this article:
As of today, several tools, frameworks and automations allow the deployment of HPC infrastructures in a cloud environment.
Azure CycleCloud enables users and IT administrators to run cloud-only or hybrid (bursting) clusters leveraging traditional HPC schedulers like OpenPBS, SGE, Altair PBS Professional and Slurm.
Azure CycleCloud provides the possibility to preserve standard submission interfaces from on-premises HPC systems, without the need to re-architect or alter by any means the standard simulation workflows. In this way, end users can keep running and using their standard applications without any disruption.
Azure CycleCloud provides out of the box the possibility for interaction and cluster operations only using a standard SSH connection for the end users or scheduler default APIs (e.g. Slurm APIs).
This blog post presents an Azure CycleCloud project allowing to deploy an Open OnDemand portal, an efficient open-source web portal for job submission, job monitoring, file management and remote desktop/application sessions.
This project allows to deploy an Open OnDemand Portal like az-hop, but allowing the user to just deploy a single VM with a portal to be attached to an already existing and configured Azure CycleCloud cluster.
Basic authentication option and self-signed SSL certificates should be considered only for test/development purpose, away from production systems because of the security concerns
The project can be deployed following the step-by-step guide provided in the README of the GitHub repository.
The steps involved in getting the project accessible inside Azure CycleCloud are:
The project will deploy a single sever hosting an Open OnDemand portal allowing the users to specify:
All the secrets and certificates involved in the configuration are safely stored inside an Azure Key Vault which is accessed by the Azure CycleCloud nodes through a Managed Identity.
After the cluster is successfully deployed, the user will be able to have a basic interface to access the main OnDemand functionality:
Open OnDemand portal must be able to map the username provided by an external authentication mechanism like OIDC or OIDC Dex LDAP to a local Linux user account. This will be the Linux account that will be impersonating the user and interacting with the cluster through Open OnDemand.
This is something that remains responsibility of the user following the Open OnDemand documentation.
An easy way to realize this is to enable Azure CycleCloud EntraID and using the following additional configuration in Open OnDemand Portal:
user_map_match: '^([^@]+)@example.com$'
oidc_remote_user_claim: "email"
This will map the users authenticated from EntraID directly to a local user in the system. The configuration above can be inputted directly from Azure CycleCloud UI and respectively:
As already extensively implemented and developed in az-hop, Open OnDemand allows to create on-demand interactive Desktop Session or Interactive App session with nodes dynamically allocated by Azure CycleCloud.
The underlying concept is that a Desktop session will be submitted as a job to the scheduler and Azure CycleCloud will allocate the required nodes for the session duration.
In order to get this up in OnDemand, the steps are:
There is the plan in a future project release to integrate this configuration also in an automation.
In a similar way of interactive session, Open OnDemand allows to define submission forms for specific batch submission logics.
For example, here an example of integrating OpenFOAM submission in the OpenOnDemand portal:
Once the job is finished, it can be visualized using a Desktop session GPU accelerated:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.