Cluster Policies

Usage

With few exceptions, users should avoid processing on the head node. Small very short jobs that use very little memory or cpu usage is acceptable. If you have questions about this, please ask.

A couple important reasons why we would like you to avoid processing on the head:

1) This is the only way users can log onto the cluster. If the head node resources are being used for processing, users will see slow responses and may find it difficult to even do a directory listing.

2) If the processing takes too much memory or cpu, the head node could crash. This would cause an inconvenience for everyone using the cluster at the time of the crash. If the work is done on a compute node, only the users on that particular compute node will be burdened.

File Storage

The storage on the cluster was put in place so users could utilized enterprise grade storage for their computational needs. The cluster is not intended to be used for a file and/or backup server. Please do not store your processed data on the cluster. Only data currently being used for processing and current results of cluster processing should reside on the cluster.

User Support

All users of the MIND cluster should send email with their account application, support requests and questions to David Pane <dpane@cmu.edu> or phone David at 412-268-7108. Please include your cluster username in your email.

The SCS Facilities has various types of accounts that map to various levels of user support. Most MIND cluster users have SCS lowest tiered accounts. This means that these users do not have the level of support where they can submit help requests directly to the SCS Facility help desk. If you have a SCS account due to being affiliated with the SCS department, you may have a full support account. However, everyone who is a user on the NI/CNBC Cluster should submit MIND cluster support requests to David.

Account Policies

The cluster is available to lab members and collaborators of the PI paying the cluster support charges but should should be done within reason. Work done on the cluster should be for the research done within the bounds of the collaboration. Anything short of this would be taking advantage of a resource that is paid for and supported by our community.
Each user must have their own user account on the cluster. Multi-user accounts are NOT allowed. We support lab UNIX groups to enable sharing of data between lab members and collaborators.
There is no firewall between the SCS network and the internet. As a result, the network gets scanned several hundred or even thousands of times per day. Every year, there are numerous break-ins to SCS hosts. The vast majority of these break-ins happen because of poor password or that passwords are sent over the network unencrypted and get sniffed.

A note from the Manager of Neuroscience Institute Computing

It is my desire to provide an efficient, reliable, shared, high performance computing resource for our research community. In order to accomplish this, I need your help with two things:

1) If you have a need or problem, please contact me. I will work with you to help you resolve your issue(s). I cannot resolve problems and make changes if I don’t know about it.

2) Become familiar with the environment and tools on the cluster. This knowledge base website, along with the policies and guidelines within it are intended to help everyone accomplish their objectives. Please take the time to read and understand the policies and information that pertains to the cluster. If you find that it is lacking in some way, please contact me and I will do my best to improve it.

Thank you in advance for your cooperation and understanding.

Respectfully,

David Pane
Manager of Computing
Neuroscience Institute
Center for the Neural Basis of Cognition
Carnegie Mellon University
4400 Fifth Avenue, Suite 115
Pittsburgh, PA 15213
412-268-7108

The Reasonable Person Principle

This is part of the “unwritten culture” in our computing comunity. It holds that reasonable people strike a suitable balance between their own immediate desires and the good of the community at large.

Everyone will be reasonable.
Everyone expects everyone else to be reasonable.
No one is special.
Do not be offended if someone suggests you are not being reasonable.

Reasonable people think about their needs, and the needs of others, and adjust their behavior to meet the goals of a common good for the community, (i.e. expressing what you want to do, but accepting and accommodating the needs of others).

Not all people share the same model of reasonableness, so disagreements inevitably occur.

Under the reasonable person principle, the first thing to do is work it out privately. Indeed, many people would find it reasonable to bring in third parties before trying personal discussion.

More generally, the reasonable person principle favors local, unofficial actions over formal administrative ones. It assumes that people will be responsive when reminded of a conflict or asked to re-examine their behavior. It encourages requesting rather than demanding. And it leaves some room for the difference of opinion.

It is YOUR responsibility….

It is the responsibility of each user to become familiar with Carnegie Mellon University’s policies and guidelines. This is in addition to our cluster policies. The following resources are available to assist you in understanding expectations:

The Word/Student Handbook: http://www.cmu.edu/student-affairs/theword/index.html
Academic Integrity Website: http://www.cmu.edu/academic-integrity/
University Policies Website: http://www.cmu.edu/policies/
Graduate Education Website: http://www.cmu.edu/graduate/policies/index.html

Passwords and keeping your passwords secure!

SCS has an extensive page on choosing a password. see https://computing.cs.cmu.edu/security/security-password.html

Always use encrypting connections when sending passwords over the network. Note that passwords may still be eavesdropped through keyboard and tty sniffers even if you do use encrypted network connections.
Avoid typing passwords at untrusted hosts.
Don’t use the same passwords for different purposes.
Use string passwords.
Don’t share your passwords with others.

Security

The following offsite links will open in a new browser window:

CMU Computing Services Information Security Office: Guidelines for secure computing at CMU
CERT: Security advisories and lots of good information.
Security Focus: Security news, and home of various mailing lists, including bugtraq archives.
SANS Institute: See their reading room for a large collection of security-related articles.
Insecure.org: The home of Nmap, along with other security-related resources, including some good lists of security tools.

Connections and File Transfers

Whenever you connect to the cluster or use the network, you should assume that somebody could be eavesdropping on the packet data that you send and receive. For that reason, whenever you are transmitting sensitive data, such as passwords, over the network, you should use some form of encryption to protect your data.

For remote logins: Use SSH for logging into the cluster. This will protect your network traffic from being snooped in transit.

Data transfers must also be done over a secure connection.

Only active users on the cluster will have access to the data on it. If a user needs to share data with a someone that doesn’t have an active account on the cluster, then the data should be transferred to a server which allows guest accounts.

Updated on January 11, 2023

Was this article helpful?

Yes No

Need Help?

Can't find the answer you're looking for?

Contact NI Support