Comprehensive Federated Authentication for AI/HPC Infrastructure

With the advent of accelerated computing comes the need to provide comprehensive end-to-end authentication across all the resources that comprise a typical AI/HPC cluster.

However, for many organizations, this involves reconciling typical corporate identity infrastructure, such as Microsoft Active Directory, with Linux-based systems. Additionally, these clusters pose unique challenges, including preserving proof of identity during batch scheduling, within CI/CD pipelines, on parallel filesystems and/or across several network fabrics.

In this presentation, we will demonstrate how to achieve the best of both worlds, using the Eos supercomputer (#10 on Top500) as a reference. We will showcase how we solved these issues leveraging the federated authentication and identity management from FreeIPA, alongside the capabilities of our project, Sybil.

We will detail how we were able to provide strong security guarantees for various types of services (e.g. SSH, Lustre, NFS, CI/CD, Slurm, SHARP, MNVLink) coupled with modern best practices (SSO, 2FA, etc), while accommodating both on-premises and cloud-based authentication.