Using IBM Cloud HPC with LSF Application Center and high availability

Enable LSF Application Center with your IBM Cloud® HPC cluster during deployment by setting enable_app_center to true, and app_center_gui_pwd to match your LSF Application Center password. High availability for LSF Application Center is enabled by default and managed with the app_center_high_availability deployment input value (that is, it is set to true by default). Leaving this high availability input value enabled allows LSF Application Center to:

run on all deployed management nodes.
use a cross availability zone instance of the IBM Cloud® Database for MySQL as the backend database.
use an IBM Cloud® Application Load Balancer for VPC (ALB) as the VPC load balancer to dispatch requests to LSF Application Center nodes.

Before you can deploy your IBM Cloud HPC cluster with LSF Application Center in high availability mode, import a TLS termination certificate and authorize it.

Importing a TLS termination certificate in Secrets Manager and configuring authorization

For LSF Application Center high availability, you require a certificate for TLS termination from the VPC load balancer with HTTPS connections. Even self-signed certificates are supported, but you need to accept them in a browser. Import this certificate to IBM Cloud® Secrets Manager and provide the appropriate authorization:

Obtain the certificate to be used for TLS termination of your LSF Application Center. The certificate domain must match the value that is specified for the dns_domain_names deployment input value. It can be either be a wildcard domain (such as *.mydomainname) or can contain a DNS alias (such as pac.mydomainname).
Create a secret in IBM Cloud® Secrets Manager for the certificate.
Import the certificate to Secrets Manager.
Take note of the Cloud Resource Name (CRN) value for the certificate, as you need to provide it during IBM Cloud® HPC cluster deployment as the certificate_instance deployment input value. The VPC load balancer front-end listeners use the CRN to load the certificate.
Provide IAM service to service authorization between the VPC load balancer resource type and the Secrets Manager user instance. This way, the VPC load balancer for your IBM Cloud HPC cluster instance can retrieve the TLS certificate and related private key in a secure and auditable way. For example:
1. In the IBM Cloud console, select Manage > Access (IAM) > Authorizations to display the Grant a service authorization page.
2. In the Source section, select This account as the account for the service.
3. Select VPC Infrastructure Services as the service.
4. Select Specific resources as the scope.
5. Select Resource Type in the Add attributes section, and select Load Balancer for VPC.
6. In the Target section, select Secrets Manager as the source to which to give access.
7. Select Instance ID, select the string equals, and select your Secrets Manager instance.
8. In the Roles section, select Writer as the level of access to assign.

With these settings complete, you can deploy your IBM Cloud HPC cluster with LSF Application Center high availability enabled. Once deployed, you can access the LSF Application Center.