Authors: Frank Indiviglio (National Oceanic and Atmospheric Administration (NOAA)), Ron Bewtra (Self), Ian Lee (ShorePoint)
Abstract: This session discusses the critical challenge of integrating Zero Trust (ZT) security into traditional supercomputing environments. The ZT model, based on a least-privilege, per-request architecture, has profound implications for HPC centers, application developers, and end-user workflows. We will explore the fundamentals of ZT, the purpose of NIST SP 800-207, and relevant U.S. Federal mandates. We will discuss current implementation approaches and challenges at major HPC centers. Join this interactive discussion to share your experiences, questions, and solutions.
Long Description: Topic and Relevance: This Birds of a Feather (BoF) session will address the critical challenge of implementing Zero Trust (ZT) architecture in traditional High-Performance Computing (HPC) environments. It continues the lively discussion begun at the SC24 BoF and gives the community a venue to carry that conversation forward. Once considered a concept for enterprise IT, ZT is now a pressing reality for the HPC community, driven by federal mandates and the escalating need to secure high-value scientific research and national cyberinfrastructure. The core ZT principle of "never trust, always verify" presents a fundamental paradigm shift away from the traditional high-trust, "castle-and-moat" security models prevalent in supercomputing. This session is highly relevant for any HPC professional grappling with how to modernize their security posture without compromising the performance and collaborative nature of scientific research.
Goals: The primary goal of this session is to create a collaborative forum to move beyond theoretical discussions and address the practical realities of ZT implementation in HPC. We aim to:
- Facilitate a community-driven dialogue on the specific architectural, performance, and workflow challenges of applying ZT to supercomputing systems.
- Share real-world strategies, emerging solutions, and lessons learned from institutions at the forefront of this transition.
- Foster a network of peers who can collaborate on solutions and share best practices for securing complex research computing ecosystems.
Discussion Areas: The session will be a moderated, interactive discussion centered on the key friction points between ZT and HPC. We will source initial topics from attendees and explore critical questions, including:
- Performance vs. Security: How can we enforce per-request authorization for MPI jobs or parallel file systems without introducing unacceptable performance overhead?
- Identity at Scale: What are effective strategies for managing identity not just for users, but for services, jobs, and containers across thousands of ephemeral nodes?
- Securing the Data Plane: How can we apply granular, ZT-based access controls to petabyte-scale datasets on shared storage systems without breaking scientific workflows?
- Integrating Legacy Systems: What are practical approaches for securely incorporating older scientific instruments and compute hardware that lack modern security capabilities into a ZT framework?
- The User Experience: How can we evolve security practices while ensuring that researchers' workflows remain as frictionless as possible?
Expected Outcome: Attendees will leave this BoF with a deeper, more nuanced understanding of how ZT principles apply to the unique demands of supercomputing. Participants will gain actionable insights from peer experiences, a clearer view of the current state-of-the-art, and new connections with colleagues actively planning and deploying ZT solutions.