Encryption

Users can encrypt traffic between the Parsl DFK and HighThroughputExecutor instances by setting its encrypted initialization argument to True.

For example,

from parsl.config import Config
from parsl.executors import HighThroughputExecutor

config = Config(
    executors=[
        HighThroughputExecutor(
            encrypted=True
        )
    ]
)

Under the hood, we use CurveZMQ to encrypt all communication channels between the executor and related nodes.

Encryption performance

CurveZMQ depends on libzmq and libsodium, which pyzmq (a Parsl dependency) includes as part of its installation via pip. This installation path should work on most systems, but users have reported significant performance degradation as a result.

If you experience a significant performance hit after enabling encryption, we recommend installing pyzmq with conda:

conda install conda-forge::pyzmq

Alternatively, you can install libsodium, then install libzmq, then build pyzmq from source:

pip3 install parsl --no-binary pyzmq