Share via


Install the Microsoft HPC Pack Web Components

 

Applies To: Microsoft HPC Pack 2012, Microsoft HPC Pack 2012 R2

Starting with HPC Pack 2008 R2 with SP2, you can install and configure the HPC Pack web components. The web components include the following:

  • The Windows HPC Server Web Portal, which cluster users can use to submit and manage jobs

  • An interface to the HPC Job Scheduler Service using an HTTP web service that is based on the representational state transfer (REST) model

Note

The HPC Pack web components can only be installed on the head node of the cluster.

When the administrator and HPC Server Web Portal are all on the Head Node, the administrator can test how the users see the portal and get access as an administrator by running Internet Explorer with elevated privileges (“Run as administrator”). If an administrator is accessing the HPC Server Web Portal from a server other than the Head Node, then the administrator should connect to the portal with administrative credentials.

To install the HPC Pack web components, you must use the installation file HpcWebComponents.msi. HpcWebComponents.msi is included in HPC Pack installation files available at the Microsoft Download Center, or in the HPC Pack installation media.

To install the web components, perform the following steps:

1. Run HpcWebComponents.msi

2. Choose an SSL certificate for the HPC web components

3. Configure the web components

4. Validate the installation of the HPC Server Web Portal

1. Run HpcWebComponents.msi

First, run the HpcWebComponents.msi installation program on the head node computer. Follow the steps in the wizard.

Note

If you have configured the head node of your cluster for high availability in the context of a failover cluster, run HpcWebComponents.msi first on the active head node, and then on the passive head node.

2. Choose an SSL certificate for the HPC web components

To communicate with web clients over Secure Sockets Layer (SSL), the HPC web components use an SSL certificate that is bound to the port that is used for communication (port 443 by default). If a certificate is not already bound to this port, you must specify the thumbprint of a X.509 certificate during the configuration of the web components. It is recommended that you obtain a trusted certificate from an appropriate certification authority, but you can generate and install a temporary certificate for testing purposes. If you choose to generate and install a temporary certificate for use with the web components, see How to: Create Temporary Certificates for Use During Development. Optionally, when you run the configuration script Set-HPCWebComponents.ps1 (which is installed when you run HpcWebComponents.msi), you can choose to generate and install a self-signed certificate, which you may also find useful for testing or proof-of-concept deployments.

Important

  • If you use a trusted certificate or a temporary certificate, ensure that you import it to the Trusted Root Certification Authorities Store of the local computer account on the head node. If you have configured your head node for high availability in the context of a failover cluster, import it to the Trusted Root Certification Authorities Store on both head node computers.

  • If you need to replace a certificate that is already bound to the port that you want to configure for the web components, you must first delete the existing certificate bindings. To do this, you can use the netsh http delete sslcert command. For more information about managing SSL certificates, see How to: Configure a Port with an SSL Certificate.

3. Configure the web components

To configure the Windows HPC Server Web Portal and the REST interface, you must run the provided HPC PowerShell script %CCP_HOME%\bin\Set-HPCWebComponents.ps1. When you run the script, you specify parameters as indicated in the following table:

Parameter

Description

-Service <ComponentType>

Configures the component specified by <ComponentType>. Valid values are Portal or REST. You can omit “-Service”.

Note

  • When setting up the Portal, the script adds the Web Services (IIS) role and the necessary IIS role features on the head node computer, if they are not already installed. It also configures IIS settings that enable SSL communication

  • When setting up the REST interface, the script configures and starts the HPC Web Service.

-enable | -disable

Enables or disables a component.

-Port <PortNumber>

Configures the component to use the specified port <PortNumber>. If the parameter is not specified, the script configures port 443 by default.

-Certificate <CertThumbprint>

Binds the SSL certificate specified using the thumbprint <CertThumbprint>.

Important

  • If a certificate is already bound on port <PortNumber>, you can configure this certificate either by specifying the correct <CertThumbprint> or by omitting the –Certificate parameter. You cannot configure a different certificate unless you delete the existing certificate binding.

  • If no certificate is bound on port <PortNumber>, you are prompted to type the number of a certificate from the list of available server authentication certificates. If you want the script to generate and configure the component with a self-signed certificate, type 0.

  • You can configure the same certificate for the HPC Server Web Portal and the REST interface, but this is not required.

-AuthenticationMethod <Method>

Configures the component to use a specified authentication method. Valid values are Basic or NTLM. If the parameter is not specified, the script configures Basic authentication by default.

Choose one of the following two procedures to set up the web components:

  • To configure the web components on a single head node

  • To configure the web components on a head node configured for high availability in a failover cluster

    Important

    You must configure the web components to use identical certificates and port bindings on both head nodes of the failover cluster.

To configure the web components on a single head node

  1. Start HPC PowerShell as an administrator.

  2. To view the current port configurations for SSL certificates, type the following command:

    netsh http show sslcert
    

    In the command output, note any IP:port bindings.

  3. If you need to delete an existing SSL certificate binding to the port <PortNumber> that you plan to use for the web components, type the following:

    netsh http delete sslcert 0.0.0.0:<PortNumber>
    
  4. To change the directory to the location of the script, type:

    cd $env:CCP_HOME\bin

  5. To configure the Windows HPC Server Web Portal, run the Set-HPCWebComponents.ps1 HPC PowerShell script using the –Service Portal parameter:

    • If no existing SSL certificate is bound on the default port 443, to run the script so that the available certificates are displayed, type:

      .\Set-HPCWebComponents.ps1 –Service Portal -enable

      • When prompted, type the number of a certificate in the list of available certificates. If you want the script to generate and configure the portal with a self-signed certificate, type 0.
    • To run the script by specifying port <PortNumber> and the thumbprint <CertThumbprint> of an SSL certificate, type:

      .\Set-HPCWebComponents.ps1 –Service Portal –enable –certificate <CertThumbprint> -Port <PortNumber>

      Important

      If an SSL certificate is already bound on the port <PortNumber>, you must either specify that certificate when you run the script, or choose a different certificate and port binding.

  6. To configure the REST interface and start the HPC Web Service, run the Set-HPCWebComponents.ps1 HPC PowerShell script using the –Service REST parameter:

    • If no existing SSL certificate is bound on the default port 443, to run the script so that the available certificates are displayed and the REST service uses Basic authentication, type:

      .\Set-HPCWebComponents.ps1 –Service REST -enable

      • When prompted, type the number of a certificate in the list of available certificates. If you want the script to generate and configure the portal with a self-signed certificate, type 0.
    • To run the script by specifying the NTLM authentication method, port <PortNumber>, and the thumbprint <CertThumbprint> of an SSL certificate, type:

      .\Set-HPCWebComponents.ps1 -Service REST -enable –AuthenticationMethod NTLM –certificate <CertThumbprint> -Port <PortNumber>

      Important

      If an SSL certificate is already bound on the port <PortNumber>, you must either specify that certificate when you run the script, or choose a different certificate and port binding.

    • After the script completes, stop and restart the HPC Job Scheduler Service by typing the following:

      net stop hpcscheduler
      net start hpcscheduler
      

To configure the web components on a head node configured for high availability in a failover cluster

  1. Start HPC PowerShell as an administrator.

  2. To configure the web components on the active head node of the failover cluster, follow steps 2 – 6 in the preceding procedure to configure the HPC Server Web Portal and the REST interface.

  3. If you generated and configured a self-signed certificate on the active head node for the web components, export the certificate as a .cer file and import it on the other head node by performing the following steps:

    1. On the active head node, click Start, click Run, and then type mmc to start the Microsoft Management Console.

    2. On the File menu, click Add/Remove Snap-in. The Add or Remove Snap-ins dialog box appears.

    3. In Available snap-ins, click Certificates, and then click Add.

    4. Select Computer account, and then click Next.

    5. Select Local computer, and then click Finish. Click OK.

    6. In the Microsoft Management Console, in the console tree, expand Certificates, expand Personal, and then expand Certificates.

    7. Right-click the self-signed certificate that was created in the previous step (with a name of the form MyHeadNode.contoso.com), and then click Export. The Certificate Export Wizard appears.

    8. Accept the default selections in the wizard and specify a file name and a location on the failover disk of the failover cluster (or on portable storage media). Do not export the private key.

    9. On the Completing the Certificate Export Wizard page, click Finish.

    10. Using Failover Cluster Manager, move (fail over) the clustered instance to the other head node in the failover cluster.

    11. On the head node that is now active, Click Start, click Run, and then type mmc to start the Microsoft Management Console.

    12. On the File menu, click Add/Remove Snap-in. The Add or Remove Snap-ins dialog box appears.

    13. In Available snap-ins, click Certificates, and then click Add.

    14. Select Computer account, and then click Next.

    15. Select Local computer, and then click Finish. Click OK.

    16. In the Microsoft Management Console, in the console tree, expand Certificates, and then expand Personal.

    17. Right-click Certificates, and then click Import. The Certificate Import Wizard appears.

    18. Follow the pages of the wizard to import the .cer file from the location where you stored it, into the Personal certificate store.

  4. If you configured a certificate other than a self-signed certificate for the web components on the active head node, ensure that you have imported this certificate on the other (inactive) head node of the failover cluster.

  5. If you have not already done so, fail over to the other head node in the failover cluster (the head node on which you have not already run the Set-HPCWebComponents.ps1 script).

  6. Start HPC PowerShell as an administrators.

  7. To configure the web components on the active second node of the failover cluster, follow steps 2 – 6 in the preceding procedure to configure the HPC Server Web Portal and the REST interface.

    Important

    • Ensure that you configure the same certificate and port bindings that you configured on the other head node in the failover cluster.

    • If the script generated and configured a self-signed certificate on the other head node, do not type 0 to generate a self-signed certificate on the current head node. Type the number that corresponds to the name of the certificate that you imported from the other head node.

  8. Run the Set-HPCWebComponents.ps1 HPC PowerShell script so that the available certificates are displayed. Type:

    .\Set-HPCWebComponents.ps1 Portal -enable

    • When prompted, type the number of a certificate in the list of available certificates. Choose the number that corresponds to the certificate that you configured on the other head node in the failover cluster.

      Important

      If the script generated and configured a self-signed certificate on the other head node, do not type 0 to generate a self-signed certificate on the current head node. Type the number that corresponds to the name of the certificate that you imported from the other head node.

4. Validate the installation of the HPC Server Web Portal

To confirm that the Windows HPC Server Portal is configured properly, open a browser, then browse to the portal at the following address:

  • On a single head node (one that is not configured for high availability): https://<HeadNodeName>:<PortNumber>/hpcportal. where <HeadNodeName> is the computer name of the head node and <PortNumber> is the port that is bound by the SSL certificate

  • On a head node configured for high availability: https://<FQVN>:<PortNumber>/hpcportal, where <FQVN> is the fully qualified virtual name of the failover cluster for the head nodes and <PortNumber> is the port that is bound by the SSL certificate. Example: VirtHN.contoso.com.

Note

You must enable AJAX (active scripting) in your browser to view the portal content. For more information, see How to enable scripting in your browser (https://go.microsoft.com/fwlink/p/?LinkId=217076).

Additional considerations

  • If you generated a self-signed certificate to configure HPC Server Web Portal, you may see certificate errors or warnings in your browser when you try to access the portal. To avoid this, you can export the self-signed certificate from the Personal certificate store of the local computer account on head node, and import it in the Trusted Root Certification Authorities certificate store on the computer where you are accessing the portal.

  • If you configured the portal on a head node configured for high availability in the context of a failover cluster, the state of the web portal does not persist if the head node fails over. Any clients that connect to the portal must refresh their connections.

  • For information about creating a job submission page that lets users submit a job from the HPC Server Web Portal, see the Windows HPC Server 2008 R2 SP2 Test Focus Guide (https://technet.microsoft.com/library/hh184316(WS.10).aspx).