HPC/Network Access: Difference between revisions

From CNM Wiki
< HPC
Jump to navigation Jump to search
mNo edit summary
Line 1: Line 1:
From workstations within Argonne networks, the HPC cluster and a number of other computers are accessible directly.
You can directly access CNM computers, including the HPC cluster, ''only from Argonne-operated workstations''.
For access originating from outside Argonne networks, which includes machines at the APS,
From any other computers employ one of the following mechanisms:
one of the following mechanisms must be used:
* SSH gateway (available for all users)
* [https://credentials.anl.gov/VPN Argonne VPN]
* [https://credentials.anl.gov/VPN Argonne VPN] (available for Argonne employees only).
* ssh gateway
For either mechanism, authenticate yourself with your Argonne domain login and password.
For either mechanism, we use the Argonne kerberos domain login and password for authentication.
Your domain login will usually remain active for the duration of your proposal.
Access to the Argonne VPN requires an Argonne affiliation.
You must renew your password about every 6 months (you will usually receive a reminder by email).
If VPN access cannot be granted, the ssh gateway is available.
For accessing a few specific resources on the intranet, advanced users may well prefer SSH over VPN.
This document focuses on the use of the ssh gateway.


__TOC__
__TOC__


== Cluster login nodes ==
== Carbon Login Nodes ==
 
To access the CNM's HPC cluster ''Carbon,'' connect to one of its login nodes using the host name
Our HPC cluster ''Carbon'' is accessed via its login nodes which share the following name:
   '''clogin.cnm.anl.gov'''
   '''clogin.cnm.anl.gov'''
These nodes are accessible directly only from within Argonne networks, through the Argonne VPN, and from the CNM ssh gateway.
The following section gives detailed information on setup and use of the gateway,
and applies for most other CNM machines as well.


== Using the ssh gateway ==
== Using the SSH gateway ==


The CNM maintains a machine that acts as gateway from the open internet to machines on the CNM intranet.
The CNM SSH gateway is a Unix-style machine at the host name:
The machine's name is:
   '''mega.cnm.anl.gov'''
   '''mega.cnm.anl.gov'''
Note that you will '''not have a home directory''' on this machine – it is neither strictly required nor needed for the tunneling functionality.
* You will always have to '''type in your domain password''' to ''establish'' a tunnel.
We only allow password authentication, i.e., you will always have to type in your domain password to ''establish'' a tunnel.
* You will '''not have a home directory''' on this machine – it is neither strictly required nor needed for the tunneling functionality.
* '''Do not type any command on this machine''' - it is only needed to establish a tunnel.
 
[[Image:Using Carbon - II Remote Access - Title.png|right|200px|border]]
To ''use'' the tunnel for interactive operations and file transfer on the end systems,
To ''use'' the tunnel for interactive operations and file transfer on the end systems,
ssh public keys are normally permissible and must be placed at the end machines.
ssh public keys are normally permissible and must be placed at the end machines.


[[Image:Using Carbon - II Remote Access - Title.png|right|200px|border]]
Additional information:
; Tunnel Setup – read this first:
* [[media:HPC Using Carbon - II Remote Access.pdf|Slides from a talk ''Using Carbon - II Remote Access'' (PDF)]]
 
=== Tunnel Setup ===
* [[HPC/Network Access/SSH Tunnel Setup on Linux and MacOS| Linux, MacOS, and Cygwin]]
* [[HPC/Network Access/SSH Tunnel Setup on Linux and MacOS| Linux, MacOS, and Cygwin]]
* [[HPC/Network Access/PuTTY Configuration| Windows (using PuTTY)]]
* [[HPC/Network Access/PuTTY Configuration| Windows (using PuTTY)]]
; SSH GUI Applications:
 
=== SSH GUI Applications ===
* [[HPC/Network Access/MacOS GUI Applications for SSH| MacOS]]
* [[HPC/Network Access/MacOS GUI Applications for SSH| MacOS]]
* [[HPC/Network Access/Windows Applications for SSH| Windows]]
* [[HPC/Network Access/Windows Applications for SSH| Windows]]


Additional information:
=== Note for CNM workstations on the APS network ===
* [[media:HPC Using Carbon - II Remote Access.pdf|Slides from a talk ''Using Carbon - II Remote Access'' (PDF)]]
 
== CNM workstations on the APS network ==


For users with workstations that are still on the APS networks, there is a conflict of kerberos tickets.
For users with workstations that are still on the APS networks, there is a conflict of kerberos tickets.
Prior to accessing the cluster, the APS ticket must be destroyed, so that the ANL.GOV ticket may be used.
Prior to accessing the cluster, the APS ticket must be destroyed, so that the ANL.GOV ticket may be used.
To do this, use the <strong>kdestroy(8)</strong> command or, on Mac OS X, <strong>/System/Library/CoreServices/Kerberos.app</strong> .  (Credit: Anthony Avarca)
To do this, use the <strong>kdestroy(8)</strong> command or, on Mac OS X, <strong>/System/Library/CoreServices/Kerberos.app</strong> .  (Anthony Avarca)


== Password Policies ==
== Password Policies ==
Line 54: Line 49:
* Keep your private key file private - do not share it with anyone.
* Keep your private key file private - do not share it with anyone.
* Use a strong passphrase following [http://www.pns.anl.gov/pdfs/internal/password-guide.pdf DOE password regulations].
* Use a strong passphrase following [http://www.pns.anl.gov/pdfs/internal/password-guide.pdf DOE password regulations].
--[[User:Stern|stern]] February 14, 2008 (CST)


[[Category:HPC|Network]]
[[Category:HPC|Network]]

Revision as of 17:24, May 24, 2011

You can directly access CNM computers, including the HPC cluster, only from Argonne-operated workstations. From any other computers employ one of the following mechanisms:

  • SSH gateway (available for all users)
  • Argonne VPN (available for Argonne employees only).

For either mechanism, authenticate yourself with your Argonne domain login and password. Your domain login will usually remain active for the duration of your proposal. You must renew your password about every 6 months (you will usually receive a reminder by email).

Carbon Login Nodes

To access the CNM's HPC cluster Carbon, connect to one of its login nodes using the host name 

 clogin.cnm.anl.gov

Using the SSH gateway

The CNM SSH gateway is a Unix-style machine at the host name: 

 mega.cnm.anl.gov
  • You will always have to type in your domain password to establish a tunnel.
  • You will not have a home directory on this machine – it is neither strictly required nor needed for the tunneling functionality.
  • Do not type any command on this machine - it is only needed to establish a tunnel.
Using Carbon - II Remote Access - Title.png

To use the tunnel for interactive operations and file transfer on the end systems, ssh public keys are normally permissible and must be placed at the end machines.

Additional information:

Tunnel Setup

SSH GUI Applications

Note for CNM workstations on the APS network

For users with workstations that are still on the APS networks, there is a conflict of kerberos tickets. Prior to accessing the cluster, the APS ticket must be destroyed, so that the ANL.GOV ticket may be used. To do this, use the kdestroy(8) command or, on Mac OS X, /System/Library/CoreServices/Kerberos.app . (Anthony Avarca)

Password Policies

The methods described above will grant you, the holder of your Argonne domain password and private ssh key, access to your account on Carbon. As with any Argonne computer system, the following rules apply:

  • Keep passphrases and passwords private – do not share them with anyone, including administrators that you know or don't know.
  • Keep your private key file private - do not share it with anyone.
  • Use a strong passphrase following DOE password regulations.
Retrieved from "https://wiki.anl.gov/wiki_cnm/index.php?title=HPC/Network_Access&oldid=3141"