Encryption
Users can encrypt traffic between the Parsl DFK and HighThroughputExecutor
instances by setting its encrypted
initialization argument to True
.
For example,
from parsl.config import Config
from parsl.executors import HighThroughputExecutor
config = Config(
executors=[
HighThroughputExecutor(
encrypted=True
)
]
)
Under the hood, we use CurveZMQ to encrypt all communication channels between the executor and related nodes.
Encryption performance
CurveZMQ depends on libzmq and libsodium,
which pyzmq (a Parsl dependency) includes as part of its
installation via pip
. This installation path should work on most systems, but users have
reported significant performance degradation as a result.
If you experience a significant performance hit after enabling encryption, we recommend installing
pyzmq
with conda:
conda install conda-forge::pyzmq
Alternatively, you can install libsodium, then
install libzmq, then build pyzmq
from source:
pip3 install parsl --no-binary pyzmq