institute of biotechnology >> brc >> bioinformatics >> internal >> biohpc cloud: user guide
 

BioHPC Cloud:
: User Guide

 


Machine accounts and passwords

Your account used to access Lab machines can be managed online. All components use the same password, i.e. you use the same user id and password when login into the BioHPC Cloud website as well as workstations. You can change your password online (you will need your old password) or reset it (in this case you don't need your old password, the new one will be e-mailed to you).

2-Factor authentication

2-Factor authentication (2FA) via TOTP (time-based one-time password) will be required for off-campus login starting June 1, 2021, for access to the BioHPC webpage and login servers. During initial set-up you will need to link a TOTP app of your choice to your BioHPC account. Then, whenever you log into your BioHPC account, after entering your BioHPC username and password, you may be prompted for an additional one-time 6-digit passcode. Upon this prompt, you will need to open your TOTP app to get a temporary passcode.

Please note that this is a different type of 2FA than used by most Cornell services. It does not 'push' a request to your phone. Instead, it uses a secret key (specific to each user) and the current time to produce a passcode that changes every 30 seconds. When you set up 2FA, you will store your secret key on your phone. After set-up, there is no further communication between your phone and BioHPC; BioHPC just checks if the passcode you provide matches the one expected. You will see the passcode changing every 30 seconds on your app. BioHPC will accept the current passcode, as well as the passcodes produced immediately before and after the current 30-second interval.

For convenience, 2FA will not be required if any of these are true:

  • You are logging in from the Cornell campus network (including on-campus or Cornell VPN connected)
  • You are connecting to a login server via SSH using SSH keys
  • You are logging in from an IP address where you have already provided a one-time passcode in the past 7 days

There are some applications which are not compatible with 2FA (for example, the 'QuickConnect' feature on FileZilla). Because we only require a single 2FA per week per IP address, an easy work-around is to first log into BioHPC in some other way, such as signing into the webpage.

To set up two-factor authentication, or to link an additional device/app to your BioHPC account, visit the 2FA setup page. This page also has some suggestions for TOTP apps to install.

Access

All workstations can be accessed remotely via ssh or VNC (Linux) and Remote Desktop (Windows). The names of workstations are listed in the top row of the reservations table on reservations web page, fully qualified domain names are workstationname.biohpc.cornell.edu where workstationname is the name from the table. If you want to access the workstations from outside Cornell, and you are a Cornell user, you need to set up VPN through CIT (http://www.cit.cornell.edu/services/vpn/). Remote access is only allowed within the reserved time slot.

If you are an external user with no Cornell Netid, please refer to this document for instructions on how to connect from the outside. You still need to consult  remote access information for general information.

Please refer to the remote access information for step-by-step instructions on how to access our lab workstations from various types of client computers. This document also covers common means for data transfer between your local computer and workstations. It is also possible to use Globus to transfer data and share data with other users (even non-BioHPC Cloud users) - please see Globus at BioHPC Cloud and Using Globus to Share Data for details.

A summary on how to access and transfer data to and from BioHPC is in this document.

It is possible to access and exchange files between external file servers and the Lab workstations, as well as accessing files on dedicated BioHPC file servers. Please refer to this document for details. All users have full write access to their home directories, they are mounted on all Lab workstations.

Access with VNC

You can access your Linux workstations using VNC protocol and operate remotely in a graphical desktop environment. To connect via VNC, you first need to navigate to " My Reservations " page, select the desired resolution of your VNC window from a pull-down menu just below the reservations table, and click on "Connect VNC" for a workstation you want to connect to. This will initialize your VNC session on that workstation, assign a VNC port number, and provide instructions on how to establish a connection using a VNC viewer client on your local machine (laptop).

NOTE for conda users: Initialization of VNC will not work if your .bashrc file contains conda initialization code (typically found between the two conda initialize comment lines). This code needs to be removed (deleted) or disabled by inserting the return directive in front of it before VNC can be initialized. Conda environment can be activated in a shell within a VNC session, but it has to be disabled at the time of VNC initialization.

As a VNC viewer client, Windows users can use Real VNC VNC Viewer while Mac users can use Chicken of the VNC or Real VNC VNC Viewer . As instructed by the website after using the "Connect VNC" link, launch your VNC viewer, type the machine name and port number into appropriate fields (often they are used together machinename:portno ), and connect. If your password is not yet stored in VNC, you will be asked first to enter it before the desktop screen loads. When you see the Linux splash screen in the VNC window, position your mouse inside it and hit ENTER. This should take you to the graphical Linux login page, where you will need to provide your BioHPC password again.

To log out of your VNC session, use the "power button" icon in the upper-right corner of the Linux desktop and select "log out" option. The VNC session will be terminated and you will no longer be able to re-connect to it. Note that all processes you started within the sessions will be killed this way .

To disconnect from a VNC session without logging out, click on the 'close' icon within the frame of your VNC client window (e.g., the "X" icon in the upper-right corner on Windows). The same type of disconnect also happens when you close your laptop screen, or when network becomes unavailable. VNC sessions left-over after such disconnects are, in principle, persistent, i.e., your VNC desktop and all applications you started within should continue to run as long as your reservation is active. You should be able to reconnect to your session at any time from any computer on Cornell network with a VNC client installed on it. If your VNC window is plain black after reconnecting, just click anywhere inside, desktop locks out after some inactivity time (like screensaver). On occasion it may happen however, that your VNC session becomes unresponsive and you are no longer able to re-connect to it. If this occurs, you will need to kill the session by going to My Reservations page and hitting the "Cancel VNC" link (this link replaces "Connect VNC" if your VNC session has already been started). After killing the unresponsive session, you can start a new one by visiting My Reservations page again and clicking "Connect VNC". NOTE: this procedure will kill all processes that had been started within the old session. Even though the session may be hung up, these processes may still be running, doing work they were intended for. If you care for these processes, do not click "Cancel VNC". Instead - log in to the machine with an ssh terminal client and evaluate the situation.

The "Cancel VNC" link may also be used whenever a VNC session started before is no longer needed, or is no longer running (for example, if you logged out of it, or the machine hosting the session has been rebooted).

How to run graphical applications (soffice, gsAssembler, etc.) while working remotely

There are two ways to run graphical applications remotely: via a VNC connection or via an X-windows client. VNC connection (described above) opens a graphical desktop remotely where graphical application can be launched.

VNC is usually slower than X-windows, but it is persistent, i.e. it keeps running even when disconnected. If you expect your graphical software to run for many hours it is safer to use VNC, since a network outage will kill X-windows connected program, while it will continue running under VNC.

Using an X-windows client is a simple procedure:

1. Make sure that a suitable X-windows manager software is installed and running on your local computer (i.e., the one you are connecting from). If you are connecting from a Linux or Mac machine, the X-windows manager should be already there by default. If you are connecting from a Windows PC, we recommend that you install a free version of MobaXterm and start it before connecting to the lab machines.

2. While making the ssh connection to a lab machine, remember to enable the X11 forwarding on your local computer. On Linux or Mac machines, this is done by supplying the "-X" option to the ssh command (e.g., ssh -X cbsuwrkst2.biohpc.cornell.edu). On Windows machines, ssh connection is accomplished using one of client programs, such as PuTTy. Such clients should be configured to enable X11 forwarding. Please refer to your client's documentation for specific instructions.

Step-by-step instructions for installation and configuration of client software and the access procedure can be found here.

 

 

Website credentials: login  Web Accessibility Help