You set the MATLAB® Job Scheduler security level with the SECURITY_LEVEL parameter
in the mjs_def file before starting the mjs service on your cluster nodes.
The mjs_def file indicates what values are allowed, and briefly describes
each security level.
The following table describes the available security levels for accessing a MATLAB Job Scheduler and its jobs.
| Security Level | Description | User Requirements |
|---|---|---|
| 0 | No security.
|
|
| 1 | Jobs are identified with the submitting user.
|
|
| 2 | Job manager MATLAB Job Scheduler password protection on jobs.
|
|
| 3 | In addition to the security of level 2, tasks run as the submitting user on worker machines.
|
|
The job manager and the workers should run at the same security level. A worker running at too low a security level will fail to register with the job manager, because the job manager does not trust it.
For any security above level 0, when you start the MATLAB Job Scheduler (for example, with the startjobmanager command), a cluster user account named admin is
created for this cluster, and you are prompted to provide a password for this new account. The
cluster admin account has all the necessary permissions for accessing the
cluster and all its jobs.
For any security level, the MATLAB Job Scheduler identifies every job with the user who submits the job. Therefore, whenever you access the MATLAB Job Scheduler or a job, the MATLAB Job Scheduler must be aware of who you are.
At security level 0, the MATLAB Job Scheduler and job objects’ UserName property is set to the
login name of the person who creates the job; this setting can be changed at any time. For all
higher security levels, the first access to the MATLAB Job Scheduler causes a dialog box to open which asks for your username; if the
security level is 2 or 3, you must also provide a password. The username and password you
provide for the MATLAB Job Scheduler needs to match your network username and password
only if you are using security level 3; otherwise, you can create a new
username and password unique for the MATLAB Job Scheduler. For your convenience, you can choose how long to save your username
and password on the local computer, so that you do not need to enter them every time you access
your job.
For information about changing a password and logging out of a MATLAB Job Scheduler, see changePassword (Parallel Computing Toolbox) and logout (Parallel Computing Toolbox).
To establish secure encrypted communication between MATLAB Job Scheduler, client and workers, set
USE_SECURE_COMMUNICATION = true
ALL_SERVER_SOCKETS_IN_CLUSTER = true (default)
in the mjs_def file. Secure encrypted communication is
provided via SSLSocket using TLSv1.2 only.
Note
If ALL_SERVER_SOCKETS_IN_CLUSTER = false in the
mjs_def file, then secure encrypted communication is established between
MATLAB Job Scheduler and workers only.
You must also provide a value for the SHARED_SECRET_FILE parameter in
the mjs_def file, identifying where the file can be found from the
MATLAB Job Scheduler perspective. To create this file, run either script:
matlabroot/toolbox/parallel/bin/createSharedSecret
matlabroot\toolbox\parallel\bin\createSharedSecret.bat
The secret file establishes trust between the processes on different machines.
In a shared file system, all the nodes can point to the same secret file, and they can
even all share the same mjs_def file.
In a nonshared file system, create a secret file with the provided script, then copy the
file to each node and make sure each node’s mjs_def file indicates where
its particular secret file is located.
Note
Secure communication is required when using MATLAB Job Scheduler security level 3.