You set the MATLAB® Job Scheduler security level with the
mjs_def file before starting the mjs service on your cluster nodes.
mjs_def file indicates what values are allowed, and briefly describes
each security level.
The following table describes the available security levels for accessing a MATLAB Job Scheduler and its jobs.
|Security Level||Description||User Requirements|
Jobs are identified with the submitting user.
Job manager MATLAB Job Scheduler password protection on jobs.
In addition to the security of level 2, tasks run as the submitting user on worker machines.
The job manager and the workers should run at the same security level. A worker running at too low a security level will fail to register with the job manager, because the job manager does not trust it.
For any security above level 0, when you start the MATLAB Job Scheduler (for example, with the
startjobmanager command), a cluster user account named
created for this cluster, and you are prompted to provide a password for this new account. The
admin account has all the necessary permissions for accessing the
cluster and all its jobs.
For any security level, the MATLAB Job Scheduler identifies every job with the user who submits the job. Therefore, whenever you access the MATLAB Job Scheduler or a job, the MATLAB Job Scheduler must be aware of who you are.
At security level 0, the MATLAB Job Scheduler and job objects’
UserName property is set to the
login name of the person who creates the job; this setting can be changed at any time. For all
higher security levels, the first access to the MATLAB Job Scheduler causes a dialog box to open which asks for your username; if the
security level is 2 or 3, you must also provide a password. The username and password you
provide for the MATLAB Job Scheduler needs to match your network username and password
only if you are using security level 3; otherwise, you can create a new
username and password unique for the MATLAB Job Scheduler. For your convenience, you can choose how long to save your username
and password on the local computer, so that you do not need to enter them every time you access
To establish secure encrypted communication between MATLAB Job Scheduler, client and workers, set
USE_SECURE_COMMUNICATION = true
ALL_SERVER_SOCKETS_IN_CLUSTER = true (default)
mjs_def file. Secure encrypted communication is
provided via SSLSocket using TLSv1.2 only.
ALL_SERVER_SOCKETS_IN_CLUSTER = false in the
mjs_def file, then secure encrypted communication is established between
MATLAB Job Scheduler and workers only.
You must also provide a value for the
SHARED_SECRET_FILE parameter in
mjs_def file, identifying where the file can be found from the
MATLAB Job Scheduler perspective. To create this file, run either script:
The secret file establishes trust between the processes on different machines.
In a shared file system, all the nodes can point to the same secret file, and they can
even all share the same
In a nonshared file system, create a secret file with the provided script, then copy the
file to each node and make sure each node’s
mjs_def file indicates where
its particular secret file is located.
Secure communication is required when using MATLAB Job Scheduler security level 3.