5. Gateways: bohrg1 and bohrg3

5.1. Network Topology

Both the Bohrg and Dominion clusters exist on private networks for security reasons. In order to access either cluster, users must first login to a gateway machine: for the Bohrg cluster, this is bohrg1.man.ac.uk, and for the Dominion cluster, this is bohrg3.man.ac.uk.

Each gateway machine has two network connections --- one facing the public Internet, the other facing the private network on which the cluster sits.

5.2. Home Directories

Users' home directories on bohrg1 and bohrg3 are local and unconnected to home directories on the Bohrg and Dominion clusters.

5.3. Firewalling

Both gateway machines have default-deny firewalls configured, i.e., most connections, inward and outward, whether originating from the outside world, the Bohrg or Dominion cluster, or from the machines themselves, are blocked.

Almost the only permitted connection is into bohrg1/bohrg3 via SSH.

5.4. Restricted User Environment on bohrg3

Users will find that once authenticated to bohrg3 their environment is severely restricted: almost the only action available to users is to ssh into the Dominion cluster. This has been done for security reasons.

5.5. Copying Files to/from Bohrg and Dominion (NAT/Forwarding)

Occasionally it is desirable to launch a connection from, say, the Bohrg cluster, to the outside world. For example, you may want to copy (via SCP) a file to your desktop machine. This is handled by network address translation and connection forwarding on the gateway; it is completely transparent to users and makes it possible to scp a file from the head/submit nodes to the outside world in one step, rather than by first copying it to the gateway --- for details, see the FAQ.

...previousup (conts)next...



About this document:

Produced from the SGML: /home/mc/public_html/_bohrg/_reml_grp/bohrg_dominion_user_doc.reml
On: 12/12/2005 at 13:37:58
Options: reml2 -i noindex -l long -o html -p multiple