Configure AWS VPC for Cloud Center

This section provides guidelines for configuring your VPC to work with Cloud Center. With EC2-VPC, instances run in a virtual private cloud (VPC) that is logically isolated to a single AWS account. MATLAB® Parallel Server™ for Amazon EC2® supports configurations with the headnode and workers in the same subnet. You need public IP addressing and internet access.

VPC and Subnet Configuration

Create a VPC and subnet, if you do not have them already. You can create a simple VPC as follows:

Assign Classless Inter-Domain Routing (CIDR) block sizes that support at least the number of IP addresses required for the maximum number of cluster machines you wish to create, plus 5. Amazon reserves the first four (4) IP addresses and the last one (1) IP address of every subnet for IP networking purposes. For example, if you wish to run at least 254 cluster machines, your CIDR block size must be at least /23. This allows for a maximum of 507 hosts after subtracting the five reserved for Amazon use. The table below illustrates some options. Your network engineering group can also help you determine the CIDR blocks needed for your VPC and subnets.

Maximum number of cluster machines desired    Suitable CIDR block
59                                            10.0.0.0/26
123                                           10.0.0.0/25
251                                           10.0.0.0/24
507                                           10.0.0.0/23
1019                                          10.0.0.0/22
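
The sizing rule above can be checked in code. This is an added example, not part of the original documentation: the function names are hypothetical, and the /16 to /28 bounds are the IPv4 subnet sizes AWS accepts, a limit this page does not itself state.

```python
import ipaddress

AWS_RESERVED = 5                 # first four addresses plus the last one of every subnet
MIN_PREFIX, MAX_PREFIX = 16, 28  # IPv4 subnet sizes AWS accepts (/16 largest, /28 smallest)

def usable_hosts(prefix):
    """Addresses left for cluster machines in a subnet of this prefix length."""
    return 2 ** (32 - prefix) - AWS_RESERVED

def smallest_prefix(machines):
    """Longest prefix (smallest subnet) whose usable addresses cover `machines`."""
    if machines < 1:
        raise ValueError("machines must be at least 1")
    for prefix in range(MAX_PREFIX, MIN_PREFIX - 1, -1):
        if usable_hosts(prefix) >= machines:
            return prefix
    raise ValueError(f"{machines} machines do not fit in a single /16 subnet")

def plan_subnet(vpc_cidr, machines):
    """Return the first subnet of the required size inside the VPC block."""
    vpc = ipaddress.ip_network(vpc_cidr)
    prefix = smallest_prefix(machines)
    if prefix < vpc.prefixlen:
        raise ValueError(f"a /{prefix} subnet does not fit inside {vpc}")
    return next(vpc.subnets(new_prefix=prefix))

if __name__ == "__main__":
    # Constructed inputs: the table's machine counts plus the 254-machine case from the text.
    for n in (59, 123, 251, 254, 507, 1019):
        net = plan_subnet("10.0.0.0/16", n)
        print(f"{n:>5} machines -> {net} ({usable_hosts(net.prefixlen)} usable)")
```

The 254-machine case shows why the five reserved addresses matter: a /24 holds 256 addresses but only 251 are usable, so the plan moves up to a /23.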

Set the Enable DNS hostnames option to Yes to ensure that instances receive a DNS hostname. For more information, see Using DNS with Your VPC.

An internet gateway allows your instances to communicate with the internet. An internet gateway should be attached to your VPC.

The route tables control VPC networking. You must define a route to enable traffic destined for an IP address outside the VPC (0.0.0.0/0) to flow from the subnet to the Internet gateway.

Connecting a Desktop Computer (Client Machine) to MATLAB Parallel Server Running on the Amazon EC2 Cloud

  • The client machine must be able to make outgoing connections to any DNS name in the domain mathworks.com and in amazonaws.com on port 443 (HTTPS), or have a properly configured SSL-capable proxy server that can contact those domains.

  • The client machine must be able to make outgoing connections to the cluster machines in the amazonaws.com domain directly on ports 27355 and 14350 to 14351 + 4*N, where N is the maximum number of workers on a single machine. For example, if there were 8 workers per machine, you should ensure that ports 14350 to 14383 can be contacted.

    Note that the ability to "make outgoing connections" means that the client machine must be able to instantiate a socket to the cluster. At a TCP level, this means that the initial SYN packet for the TCP/IP communication comes from the client. Most NAT and general firewalls allow this type of communication, but if you have more stringent rules, you might need to enable such outgoing communication.

  • You must connect the client and the cluster running in the cloud via "always connected" TCP communications. Should a network device between the client computer and the cluster reset the TCP stream, then any open interactive parpool sessions will be shut down.

  • You must configure Cloud Center Cluster Access to allow connections from your computer's external IP address. In most local networks, policies in place mean that the public Internet address of the computer, as seen from other places on the Internet, differs from the local address. Contact your administrator or visit https://whatismyipaddress.com to determine the public Internet address of your computer.
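
A client-side check of the port requirement above, as an added example that is not part of the original documentation. The function names are hypothetical, and the host you pass is the cluster machine's DNS name from your own cluster; the `connect` parameter exists only so the check can be exercised without a network.

```python
import socket

FIXED_PORT = 27355   # single port named on this page
RANGE_START = 14350  # the range runs from 14350 to 14351 + 4*N

def required_ports(workers_per_machine):
    """Ports the client must reach for N workers on a single machine."""
    if workers_per_machine < 1:
        raise ValueError("workers_per_machine must be at least 1")
    last = 14351 + 4 * workers_per_machine
    return [FIXED_PORT] + list(range(RANGE_START, last + 1))

def blocked_ports(host, ports, timeout=3.0, connect=socket.create_connection):
    """Open an outgoing TCP connection to each port; return the ports that fail."""
    blocked = []
    for port in ports:
        try:
            with connect((host, port), timeout=timeout):
                pass  # handshake completed, so the client's SYN got through
        except OSError:  # refused, timed out, unreachable or name not resolved
            blocked.append(port)
    return blocked

def as_ranges(ports):
    """Collapse ports into 'a-b' strings, ready for a firewall change request."""
    ranges = []
    for p in sorted(set(ports)):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1][1] = p
        else:
            ranges.append([p, p])
    return [str(a) if a == b else f"{a}-{b}" for a, b in ranges]

if __name__ == "__main__":
    # The page's own case: 8 workers per machine.
    print(as_ranges(required_ports(8)))
```

Passing the result of `blocked_ports` to `as_ranges` gives the exact outbound ranges to request from whoever manages the firewall.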

Troubleshooting

Problem or symptom: Cluster startup fails due to timeout and no Cluster Start Messages are visible

Potential causes and solutions:

  • Verify the network access control list (ACL) associated with the cluster’s subnet allows all required inbound and outbound traffic. For more information regarding Network ACLs, see Amazon VPC User Guide.

  • Verify the cluster’s VPC has an Internet gateway attached to enable cluster instances to communicate with the Internet. For more information on configuring an Internet gateway for your VPC, see Amazon VPC Internet Gateway.

  • Verify that the cluster’s subnet route table enables traffic to be routed to the Internet. In a public subnet, this is ensured via a route to an Internet gateway. For information on configuring VPC route tables, see Amazon VPC Route Table.

  • Verify that cluster instances are able to resolve the Fully Qualified Domain Names (FQDN) of all cluster instances. Ensure that the Dynamic Host Configuration Protocol (DHCP) Options Sets associated with the cluster’s VPC are configured correctly. For more information about configuring DHCP Options Sets, see Amazon VPC DHCP Options.
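
The first three checks in this list can be run against the output of `aws ec2 describe-internet-gateways`, `describe-route-tables` and `describe-network-acls`. This is an added example, not part of the original documentation: the function names and the sample data are constructed, and the sample deliberately lacks a default route. Network ACLs are stateless, so the reply direction needs the same `nacl_allows` check with `egress=True`.

```python
import ipaddress

def attached_igw(igws, vpc_id):
    """Return the ID of an internet gateway attached to vpc_id, or None."""
    ok = ("available", "attached")
    return next((g["InternetGatewayId"] for g in igws for a in g.get("Attachments", [])
                 if a.get("VpcId") == vpc_id and a.get("State") in ok), None)

def route_table_for(route_tables, subnet_id):
    """An explicit subnet association wins; otherwise the main table applies."""
    pairs = [(a, rt) for rt in route_tables for a in rt.get("Associations", [])]
    explicit = [rt for a, rt in pairs if a.get("SubnetId") == subnet_id]
    main = [rt for a, rt in pairs if a.get("Main")]
    return (explicit or main or [None])[0]

def nacl_allows(entries, egress, ip, port):
    """Evaluate TCP traffic the way a network ACL does: lowest matching rule wins."""
    addr = ipaddress.ip_address(ip)
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        rng = e.get("PortRange")
        if (e["Egress"] == egress and e["Protocol"] in ("-1", "6") and "CidrBlock" in e
                and addr in ipaddress.ip_network(e["CidrBlock"])
                and (rng is None or rng["From"] <= port <= rng["To"])):
            return e["RuleAction"] == "allow"
    return False  # nothing matched: treated as denied

def audit(vpc_id, subnet_id, igws, route_tables, nacl_entries, client_ip, port):
    """Return findings for the checks above; an empty list means all passed."""
    findings = []
    igw = attached_igw(igws, vpc_id)
    if igw is None:
        findings.append("no internet gateway attached to the VPC")
    rt = route_table_for(route_tables, subnet_id) or {}
    if not (igw and any(r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("GatewayId") == igw
                        and r.get("State") == "active" for r in rt.get("Routes", []))):
        findings.append("subnet has no active 0.0.0.0/0 route to the internet gateway")
    if not nacl_allows(nacl_entries, False, client_ip, port):
        findings.append(f"network ACL denies inbound TCP {port} from {client_ip}")
    return findings

# Constructed sample in the shape of `aws ec2 describe-*` output; every ID is made up.
IGWS = [{"InternetGatewayId": "igw-0example",
         "Attachments": [{"VpcId": "vpc-0example", "State": "available"}]}]
ROUTE_TABLES = [{"Associations": [{"Main": True}], "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/23", "GatewayId": "local", "State": "active"}]}]
NACL = [{"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
         "CidrBlock": "203.0.113.0/24", "PortRange": {"From": 14350, "To": 14383}},
        {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny",
         "CidrBlock": "0.0.0.0/0"}]
```

Calling `audit("vpc-0example", "subnet-0example", IGWS, ROUTE_TABLES, NACL, "203.0.113.7", 27355)` on the sample reports the missing default route and the ACL rule that covers 14350 to 14383 but not 27355.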

Problem or symptom: Client is unable to connect to the cluster

Potential causes and solutions:

  • Ensure that the connectivity checker completes all tests successfully.

    • Ensure that your network firewall allows outbound HTTP and HTTPS traffic to MathWorks and Amazon Web Services domains.

    • Ensure that your network firewall allows outbound traffic on all required ports.

  • Ensure that the cluster profile validation succeeds. This tool verifies connectivity from the client to the cluster instances.

  • Ensure that your client machine's IP address is registered on the cluster access page in Cloud Center.

  • Verify that the cluster is online.
