Machine accounts and passwords
2-Factor authentication
Access
Access with VNC
How to run graphical applications (soffice, gsAssembler,
etc.) while working remotely
How to access network enabled applications like R-Studio or
Jupyter Notebook
Machine
accounts and passwords
Your account used to access BioHPC machines can be
managed online. All components use the same password, i.e. you use the
same user id and password when login into the BioHPC Cloud website as well
as workstations. You can
change your password online (you will need your old password) or reset it
(in this case you don't need your old password, the new one will be
e-mailed to you).
2-Factor
authentication
2-Factor authentication (2FA) via TOTP (time-based
one-time password) will is required for off-campus logins,
for access to the BioHPC website and login servers. During initial
set-up you will need to link a TOTP app of your choice to your BioHPC
account. Then, whenever you log into your BioHPC account, after entering
your BioHPC username and password, you may be prompted for an additional
one-time 6-digit passcode. Upon this prompt, you will need to open your
TOTP app to get a temporary passcode.
Please note that this is a different type of 2FA than used by most
Cornell services. It does not 'push' a request to your phone. Instead, it
uses a secret key (specific to each user) and the current time to produce
a passcode that changes every 30 seconds. When you set up 2FA, you will
store your secret key on your phone. After set-up, there is no further
communication between your phone and BioHPC; BioHPC just checks if the
passcode you provide matches the one expected. You will see the passcode
changing every 30 seconds on your app. BioHPC will accept the current
passcode, as well as the passcodes produced immediately before and after
the current 30-second interval.
For convenience, 2FA will not be required if any of
these are true:
- You are logging in from the Cornell campus network (including
on-campus or Cornell VPN connected)
- You are connecting to a login server via SSH using SSH keys
- You are logging in from an IP address where you have already provided
a one-time passcode in the past 7 days
There are some applications which are not compatible with 2FA (for
example, the 'QuickConnect' feature on FileZilla). Because we only require
a single 2FA per week per IP address, an easy work-around is to first log
into BioHPC in some other way, such as signing into the webpage.
To set up two-factor authentication, or to link an additional device/app
to your BioHPC account, visit the 2FA setup page.
This page also has some suggestions for TOTP apps to install.
Access
All workstations can be accessed remotely via ssh or
VNC (Linux) and Remote Desktop (Windows). The names of workstations are
listed in the top row of the reservations table on reservations
web page, fully qualified domain names are workstationname.biohpc.cornell.edu
where workstationname is the name from the table. If you want to
access the workstations from outside Cornell, and you are a Cornell user,
you need to set up VPN through CIT (http://www.cit.cornell.edu/services/vpn/).
Remote access is only allowed within the reserved time slot.
If you are an external user with no Cornell Netid,
please refer to this document for
instructions on how to connect from the outside. You still need to
consult remote
access information for general information.
Please refer to the remote
access information for step-by-step instructions on how to access
our BioHPC workstations from various types of client computers. This
document also covers common means for data transfer between your local
computer and workstations. It is also possible to use Globus to transfer
data and share data with other users (even non-BioHPC Cloud users) -
please see Globus at BioHPC Cloud
and Using Globus to
Share Data for details.
A summary on how to access and transfer data to and
from BioHPC is in this
document.
It is possible to access and exchange files between
external file servers and the BioHPC workstations, as well as accessing
files on dedicated BioHPC file servers. Please refer to
this document for details. All users have full write access to
their home directories, they are mounted on all BioHPC workstations.
Access
with VNC
You can access your Linux workstations using VNC
protocol and operate remotely in a graphical desktop environment. To
connect via VNC, you first need to navigate to "
My Reservations " page, select the desired resolution of your VNC
window from a pull-down menu just below the reservations table, and click
on "Connect VNC" for a workstation you want to connect to. This will
initialize your VNC session on that workstation, assign a VNC port number,
and provide instructions on how to establish a connection using a VNC
viewer client on your local machine (laptop).
NOTE for conda users: Initialization
of VNC will not work if your .bashrc
file contains conda initialization code
(typically found between the two
conda initialize comment lines). This code needs
to be removed (deleted) or disabled by inserting the return
directive in front of it before VNC can be initialized. Conda environment
can be activated in a shell within a VNC session, but it has to be
disabled at the time of VNC initialization.
As a VNC viewer client, Windows users can use
Real VNC VNC Viewer while Mac users can use Chicken
of the VNC or
Real VNC VNC Viewer . As instructed by the website
after using the "Connect VNC" link, launch your VNC viewer, type the
machine name and port number into appropriate fields (often they are used
together machinename:portno ), and connect. If your password
is not yet stored in VNC, you will be asked first to enter it before the
desktop screen loads. When you see the Linux splash screen in the VNC
window, position your mouse inside it and hit ENTER. This should take you
to the graphical Linux login page, where you will need to provide your
BioHPC password again.
To change the resolution of your VNC session after it
has started, open a terminal within VNC and type the command 'xrandr'. This
will give you a list of possible resolutions, you can then set the resolution
with a command like 'xrandr -s 1920x1080'
To log out of your VNC session, use the "power
button" icon in the upper-right corner of the Linux desktop and select
"log out" option. The VNC session will be terminated and you will no
longer be able to re-connect to it. Note that all processes you
started within the sessions will be killed this way .
To disconnect from a VNC session without
logging out, click on the 'close' icon within the frame
of your VNC client window (e.g., the "X" icon in the upper-right corner on
Windows). The same type of disconnect also happens when you close your
laptop screen, or when network becomes unavailable. VNC sessions left-over
after such disconnects are, in principle, persistent,
i.e., your VNC desktop and all applications you started within should
continue to run as long as your reservation is active. You should be able
to reconnect to your session at any time from any computer on Cornell
network with a VNC client installed on it. If your VNC window is plain
black after reconnecting, just click anywhere inside, desktop locks out
after some inactivity time (like screensaver). On occasion it may happen
however, that your VNC session becomes unresponsive and you are no longer
able to re-connect to it. If this occurs, you will need to kill
the session by going to
My Reservations page and hitting the "Cancel VNC" link (this link
replaces "Connect VNC" if your VNC session has already been started).
After killing the unresponsive session, you can start a new one by
visiting My
Reservations page again and clicking "Connect VNC".
NOTE: this procedure will kill all processes that had been started
within the old session. Even though the session may be hung
up, these processes may still be running, doing work they were intended
for. If you care for these processes, do not click "Cancel VNC". Instead -
log in to the machine with an ssh terminal client and evaluate the
situation.
The "Cancel VNC" link may also be used whenever a VNC
session started before is no longer needed, or is no longer running (for
example, if you logged out of it, or the machine hosting the session has
been rebooted).
How
to run graphical applications (soffice, gsAssembler, etc.) while
working remotely
There are two ways to run graphical applications
remotely: via a VNC connection or via an X-windows client. VNC connection
(described above) opens a graphical desktop remotely where graphical
application can be launched.
VNC is usually slower than X-windows, but it is
persistent, i.e. it keeps running even when disconnected. If you expect
your graphical software to run for many hours it is safer to use VNC,
since a network outage will kill X-windows connected program, while it
will continue running under VNC.
Using an X-windows client is a simple procedure:
1. Make sure that a suitable X-windows manager software
is installed and running on your local computer (i.e., the one you are
connecting from). If you are connecting from a Linux or Mac machine, the
X-windows manager should be already there by default. If you are
connecting from a Windows PC, we recommend that you install a free version
of MobaXterm and
start it before connecting to the BioHPC machines.
2. While making the ssh connection to a BioHPC machine, remember to enable
the X11 forwarding on your local computer. On Linux or Mac machines, this
is done by supplying the "-X" option to the ssh command (e.g., ssh -X
cbsuwrkst2.biohpc.cornell.edu). On Windows machines, ssh connection is
accomplished using one of client programs, such as PuTTy.
Such clients should be configured to enable X11 forwarding. Please refer
to your client's documentation for specific instructions.
Step-by-step instructions for installation and configuration of client
software and the access procedure can be found here.
How
to access network enabled applications like R-Studio or Jupyter
Notebooks
Some applications like R-Studio or Jupyter
Notebooks are designed to be accessed remotely through network, typically
via a web browser (or sometimes a client program). To communicate via
network with such an application a proper network port must be chosen when
starting it (see our software
help pages for instructions for your particular application). BioHPC
servers have ports 8009 through 8039 open to Cornell campus network,
therefore you can access them from this network (or via VPN) by just
accessing proper URL in your local browser. For example when starting
Jupyter Notebooks you need to specify --port option, and it
needs to be a port between 8009 and 8039, for example 8016, then you can
access it via http://cbsuxxxxx.biohpc.cornell.edu:8016 from your local
browser. If you choose another port (outside the range 8009 to 8039), you
will only be able to access this application via a browser run on the
same server, therefore you will have to use X-Windows (X11) or VNC
to display it, which is MUCH slower and often problematic.