HPC/Network Access: Difference between revisions

From CNM Wiki
< HPC
Jump to navigation Jump to search
 
(35 intermediate revisions by the same user not shown)
Line 1: Line 1:
From workstations within Argonne networks, the HPC cluster and a number of other computers are accessible directly.
{{HPC Header}}
For access originating from outside Argonne networks, which includes machines at the APS,
{| align="right"
one of the following mechanisms must be used:
| __TOC__
* [https://credentials.anl.gov/VPN Argonne VPN]
|}
* ssh gateway
== Accessing Carbon ==
For either mechanism, we use the Argonne kerberos domain login and password for authentication.
Access to the Argonne VPN requires an Argonne affiliation.
If VPN access cannot be granted, the ssh gateway is available.
For accessing a few specific resources on the intranet, advanced users may well prefer SSH over VPN.
This document focuses on the use of the ssh gateway.


__TOC__
=== Requirements ===
To use Carbon, you must:
* be entered as a ''participant'' on an active user proposal, by your Argonne ''badge number'',
* have an Argonne computer account, which has:
** a ''personalized password'', (i.e., you changed it after the account has been created, or updated it within the last 6 months), and
** a ''personalized user name''.


== Cluster login nodes ==
If you do not meet any one of those requirements, see our [[HPC/FAQ|'''FAQ''']], in particular the sections:
* [[HPC/FAQ#Account Types|Account Types]]
* [[HPC/FAQ#Getting started on a proposal|Getting started on a proposal]]
* [[HPC/FAQ#Adding users to a proposal|Adding users to a proposal]]
* [[HPC/FAQ#Follow-up actions required by the User|Follow-up actions required by the User]]


Our HPC cluster ''Carbon'' is accessed via its login nodes which share the following name:
Please direct questions and follow-up to the CNM User Office, as linked in the FAQ.
  '''clogin.cnm.anl.gov'''
These nodes are accessible directly only from within Argonne networks, through the Argonne VPN, and from the CNM ssh gateway.
The following section gives detailed information on setup and use of the gateway,
and applies for most other CNM machines as well.


== Using the ssh gateway ==
=== Access from inside the CNM using an Argonne-owned computer ===
Connect with a [http://en.wikipedia.org/wiki/Secure_Shell ''Secure Shell''] client program directly to {{host|carbon.cnm.anl.gov}}.


The CNM maintains a machine that acts as gateway from the open internet to machines on the CNM intranet.
=== Access from anywhere else ===
The machine's name is:
Use one of the following:
  '''mega.cnm.anl.gov'''
* Argonne employees may wish to log into the [https://credentials.anl.gov/VPN Argonne VPN] first, then access the Carbon login nodes.
Note that you will '''not have a home directory''' on this machine – it is neither strictly required nor needed for the tunneling functionality.
* Otherwise, use CNM's SSH gateway {{host|mega.cnm.anl.gov}} (see next section for details).
We only allow password authentication, i.e., you will always have to type in your domain password to ''establish'' a tunnel.
** You must be CNM staff or a user on a CNM proposal that is active or has recently expired (within the last 6 weeks).
To ''use'' the tunnel for interactive operations and file transfer on the end systems,
** Use the user name and password of your Argonne account to log in.
ssh public keys are normally permissible and must be placed at the end machines.
** Do not run any commands or store any files on this machine. The gateway is needed for port forwarding only.


== Using the SSH gateway ==
[[Image:Using Carbon - II Remote Access - Title.png|right|200px|border]]
[[Image:Using Carbon - II Remote Access - Title.png|right|200px|border]]
; Tunnel Setup – read this first:
=== Setup for interactive use and file transfers ===
* [[HPC/Network Access/SSH Tunnel Setup on Linux and MacOS| Linux, MacOS, and Cygwin]]
* [[HPC/Network Access/SSH Tunnel Setup on Linux and MacOS| Linux, MacOS, and Cygwin]]
* [[HPC/Network Access/PuTTY Configuration| Windows (using PuTTY)]]
* [[HPC/Network Access/PuTTY Configuration| Windows (using PuTTY)]]
; SSH GUI Applications:
* TODO: Windows alternate software.
* [[HPC/Network Access/MacOS GUI Applications for SSH| MacOS]]
* [[HPC/Network Access/WinSCP Configuration| Windows (using WinSCP)]]
* [[HPC/Network Access/Windows Applications for SSH| Windows]]


Additional information:
=== SSH GUI Applications ===
* [[media:HPC Using Carbon - II Remote Access.pdf|Slides from a talk ''Using Carbon - II Remote Access'' (PDF)]]
* [[HPC/Network Access/Mac OS X Applications for SSH|Mac OS X]]
 
* [[HPC/Network Access/Windows Applications for SSH|Windows]]
== CNM workstations on the APS network ==
* [[HPC/Network Access/Virtual Desktop|Virtual Desktop]] (VNC)


<!--
=== Note for CNM workstations on the APS network ===
For users with workstations that are still on the APS networks, there is a conflict of kerberos tickets.
For users with workstations that are still on the APS networks, there is a conflict of kerberos tickets.
Prior to accessing the cluster, the APS ticket must be destroyed, so that the ANL.GOV ticket may be used.
Prior to accessing the cluster, the APS ticket must be destroyed, so that the ANL.GOV ticket may be used.
To do this, use the <strong>kdestroy(8)</strong> command or, on Mac OS X, <strong>/System/Library/CoreServices/Kerberos.app</strong> .  (Credit: Anthony Avarca)
To do this, use the <strong>kdestroy(8)</strong> command or, on Mac OS X, <strong>/System/Library/CoreServices/Kerberos.app</strong> .  (Anthony Avarca)
-->
 
Additional information:
* [[media:HPC Using Carbon - II Remote Access.pdf|Slides from a talk ''Using Carbon - II Remote Access'' (PDF)]]


== Password Policies ==
== Password Policies ==
Line 54: Line 61:
* Keep your private key file private - do not share it with anyone.
* Keep your private key file private - do not share it with anyone.
* Use a strong passphrase following [http://www.pns.anl.gov/pdfs/internal/password-guide.pdf DOE password regulations].
* Use a strong passphrase following [http://www.pns.anl.gov/pdfs/internal/password-guide.pdf DOE password regulations].
--[[User:Stern|stern]] February 14, 2008 (CST)


[[Category:HPC|Network]]
[[Category:HPC|Network]]

Latest revision as of 17:42, December 21, 2020

HPC-Main-external.jpg

Carbon Cluster
User Information

Accessing Carbon

Requirements

To use Carbon, you must:

  • be entered as a participant on an active user proposal, by your Argonne badge number,
  • have an Argonne computer account, which has:
    • a personalized password, (i.e., you changed it after the account has been created, or updated it within the last 6 months), and
    • a personalized user name.

If you do not meet any one of those requirements, see our FAQ, in particular the sections:

Please direct questions and follow-up to the CNM User Office, as linked in the FAQ.

Access from inside the CNM using an Argonne-owned computer

Connect with a Secure Shell client program directly to carbon.cnm.anl.gov.

Access from anywhere else

Use one of the following:

  • Argonne employees may wish to log into the Argonne VPN first, then access the Carbon login nodes.
  • Otherwise, use CNM's SSH gateway mega.cnm.anl.gov (see next section for details).
    • You must be CNM staff or a user on a CNM proposal that is active or has recently expired (within the last 6 weeks).
    • Use the user name and password of your Argonne account to log in.
    • Do not run any commands or store any files on this machine. The gateway is needed for port forwarding only.

Using the SSH gateway

Using Carbon - II Remote Access - Title.png

Setup for interactive use and file transfers

SSH GUI Applications


Additional information:

Password Policies

The methods described above will grant you, the holder of your Argonne domain password and private ssh key, access to your account on Carbon. As with any Argonne computer system, the following rules apply:

  • Keep passphrases and passwords private – do not share them with anyone, including administrators that you know or don't know.
  • Keep your private key file private - do not share it with anyone.
  • Use a strong passphrase following DOE password regulations.