HPC/Network Access

From CNM Wiki
< HPC
Revision as of 16:46, November 14, 2008 by Stern (talk | contribs) (migrated from internal wiki)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

From workstations within Argonne networks, the HPC cluster and a number of other computers are accessible directly. For access originating from outside Argonne networks, which includes machines at the APS, one of the following mechanisms must be used:

For either mechanism, we use the Argonne kerberos domain login and password for authentication. Access to the Argonne VPN requires an Argonne affiliation. If VPN access cannot be granted, the ssh gateway is available. For accessing a few specific resources on the intranet, advanced users may well prefer SSH over VPN. This document focuses on the use of the ssh gateway.

Cluster login nodes

Our HPC cluster Carbon is accessed via its login nodes which share the following name: 

 clogin.cnm.anl.gov

These nodes are accessible directly only from within Argonne networks, through the Argonne VPN, and from the CNM ssh gateway. The following section gives detailed information on setup and use of the gateway, and applies for most other CNM machines as well.

Using the ssh gateway

The CNM maintains a machine that acts as gateway from the open internet to machines on the CNM intranet. The machine's name is: 

 mega.cnm.anl.gov

Note that you will not have a home directory on this machine – it is neither strictly required nor needed for the tunneling functionality. We only allow password authentication, i.e., you will always have to type in your domain password to establish a tunnel. To use the tunnel for interactive operations and file transfer on the end systems, ssh public keys are normally permissible and must be placed at the end machines.

Using Carbon - II Remote Access - Title.png

Additional information:

CNM workstations on the APS network

For users with workstations that are still on the APS networks, there is a conflict of kerberos tickets. Prior to accessing the cluster, the APS ticket must be destroyed, so that the ANL.GOV ticket may be used. To do this, use the kdestroy(8) command or, on Mac OS X, /System/Library/CoreServices/Kerberos.app . (Credit: Anthony Avarca)

Password Policies

The methods described above will grant you, the holder of your Argonne domain password and private ssh key, access to your account on Carbon. As with any Argonne computer system, the following rules apply:

  • Keep passphrases and passwords private – do not share them with anyone, including administrators that you know or don't know.
  • Keep your private key file private - do not share it with anyone.
  • Use a strong passphrase following DOE password regulations.

--stern February 14, 2008 (CST)


Retrieved from "https://wiki.anl.gov/wiki_cnm/index.php?title=HPC/Network_Access&oldid=1727"