Lockheed Martin

Lockheed Martin Improves Security Capabilities and Reduces HPC Costs with Altair PBS Professional™

The Challenge: Managing HPC Resources in Multi-Level Security Environments

Security is critically important for government computing systems, so when the experts at Lockheed Martin are tasked with configuring one, they use Red Hat® Enterprise Linux® cross-domain system (CDS) configurations for multi-level security (MLS) — enabling users and data at different security levels to share the same resources including hardware, operating systems, and disks. The MLS policy and other features built into Red Hat Enterprise Linux enable role-based access control (RBAC), automated auditing, and many other security features.

The MLS configuration in Red Hat Enterprise Linux helps control hardware costs by combining users at different security levels on the same HPC systems while ensuring efficient system access by all users. This is particularly useful for the U.S. military and intelligence communities, where information systems supporting multiple data sets (such as those classified as Secret, Top Secret, and Confidential) have historically been physically separated to mitigate security concerns. Joseph Swartz, program chief scientist at Lockheed Martin, explains: “For example, with cross-domain security a user at a higher security level (say Top Secret) can read data from a lower security level (say Secret). If the Top Secret user modifies the data in any way, the system automatically re-labels the data at the Top Secret level. Without this capability enabled, the Top Secret user would have to gain access to a different HPC system to access the data he needed; then we would have to manually reset the security level of that data to Top Secret.”

Cross-domain security can also be used on an unclassified HPC system to separate companies with proprietary data from each other, ensuring data protection but requiring only one system. There are many other uses for this type of Red Hat configuration, which reduces the number of HPC systems required, increases system security, and enhances overall flexibility in many areas inside and outside of an HPC environment.

Because users at different security levels share the system, Lockheed Martin needed to deploy a resource scheduler capable of operating in an MLS Red Hat Enetrprise Linux environment, enabling the greatest flexibility in setting queue and job priorities, providing automated accounting information, and helping each user complete runs on time and with the appropriate priorities.

Implementing CDS/MLS-aware workload management software enables companies like Lockheed Martin to manage HPC resources in real time and to consolidate and share HPC systems with complex security requirements and constraints. It also ensures users will get maximum utilization from HPC systems.
“Without a workload manager that can use Red Hat Enterprise Linux cross-domain security, we were forced to install a version of our scheduler at each security level and manage the HPC resources by whiteboard,” said Swartz. “Each security level was assigned to a specific set of hardware resources, so if the security level was not running at a given time, those resources were wasted since they couldn’t be shared by other users at different levels of security.”

The Solution: Altair’s PBS Professional with Cross-Domain Security Support for Red Hat Enterprise Linux

Lockheed Martin evaluated all proven HPC resource management vendors and closely investigated the ability of each vendor to meet queuing and prioritization requirements, as well as the company’s willingness to work with Lockheed Martin to make the code modifications required to bring the scheduler into compatibility with Red Hat crossdomain configurations.

“We chose Altair thanks to PBS Professional’s rich set of queuing, managing, and reporting capabilities and the company’s willingness to innovate with us,” said Swartz. "The PBS Professional implementation with Red Hat offered broad flexibility in setting queue and job priorities, and it provided the automated accounting information and many other capabilities we needed to ensure each user gets his job completed in the appropriate time and with the appropriate priority.”

”Red Hat Enterprise Linux features tight integration with SELinux, which enables the platform’s native configurations to offer role-based access control (RBAC), data labeling, and continuous monitoring of security controls,” explained Shawn Wells, Director of Innovation Programs, Red Hat Public Sector. “Through PBS Professional, Altair abstracts these technical complexities to provide a consumable interface for cross-domain supercomputing, supporting multi-level security and unifying underlying security controls with workload management.” Lockheed Martin worked closely with Altair to ensure the software met the highest levels of security requirements to work correctly in a Red Hat Enterprise Linux cross-domain environment. Lockheed Martin originally installed PBS Professional on two SGI UV100 systems and quickly added three additional systems. They then installed five Cray® CS™ distributed-memory clusters in their new datacenter with a total of 388 sockets, representing the first use of MLS on distributed-memory cluster systems.

The Result: Cost Savings and Improved System-Wide Efficiency

Thanks to the PBS Professional installation supporting cross-domain security, Lockheed Martin can now easily and securely manage HPC resources in real time across more than 20 different security levels and compartments, ensuring full system utilization.

In addition, by providing a cross-domain supercomputing platform, the Altair-Red Hat solution enabled Lockheed Martin to dramatically reduce HPC procurement costs in support of a large U.S. government program. Rather than maintaining individual HPC systems, Lockheed Martin consolidated resources into two supercomputers, resulting in tens of millions of dollars in upfront savings, reduced datacenter footprints and power consumption, and a simplified IT architecture.