Getting Started - new users

Computerome 2.0 requires two-factor authentication for access:

• Your user name is sent to you in email.
• For first-factor authentication, use the temporary password sent to you in SMS. Change it at first login using passwd command.
• For second-factor authentication, use:
  • either the passcode sent to you in SMS at login attempt (the default option),
  • or install the Entrust IdentityGuard Mobile app on your mobile to receive and approve push notifications. This is how you set up the soft token.

Please note: lifsci is fictional user for educational purposes. Please replace it with the username sent to you - <username>@ssh.computerome.dk

ssh lifsci@ssh.computerome.dk
 
#############################################################
#                                                           #
#                 Welcome to Computerome 2.0                #
#                                                           #
#                         NOTICE !!!                        #
#        This system requires 2-factor authentication       #
#                                                           #
#       To login, type your password and press Enter.       #
#     This sends either an SMS passcode to your mobile      #
#    or a push-notification to Entrust IdentityGuard app.   #
#   If the push-notification times out, a new prompt line   #
#    asks for the 8 digit security code shown in the app.   #
#                                                           #
#           BY LOGGING INTO THIS SYSTEM YOU ACCEPT          #
#         COMPUTEROME'S TERMS AND CONDITIONS OF USE.        #
#                                                           #
#############################################################
 
Password: #Type your password here and press Enter, this will trigger the second-factor authentication and the cursor will pop up in the next line.
 
_ #Confirm the second-factor authentication request here by either entering the passcode received in SMS or confirming the Entrust push-notification on your mobile.
 
Enter a response from your token with serial number 06679-04429. #Pops up only when the Entrust push-notification times out. Type the 8 digit Entrust pascode here and press enter.
 
Last login: Fri Jan 10 12:10:38 2020 from <some IP address>
 
[lifsci@g-12-l0002 ~]$

Windows PC users

Windows PC users are recommended to use the free Windows SSH client PuTTY for command-line SSH login to Computerome. If you need to display graphical tools from Computerome on your Windows PC, PuTTY will forward your X11 (a.k.a. X-Windows) display onto your PC.

However, in order to Windows to actually display X11, you need to install an X11 server on your PC. Please, see the excellent X11 on Windows page on Niflheim Wiki for further information.

Several commercial solutions are also available, some even provide bundled SSH and X11 functionality - such as MobaXterm for instance.

MobaXterm and 2-factor authentication

Per default, MobaXterm will open an embedded SFTP browser (called SSH-browser) when you start the terminal; this does not work with 2-factor authentication, since it means that you will attempt to start two different connections simultaneously, resulting in unwanted behavior in your login.

To avoid this, you need to make the following changes to MobaXterm:

Settings => Configuration => SSH

SFTP settings
[ ] Enable graphical SSH-browser									<-- must be unchecked
[ ] Automatically switch to SSH-browser tab after login				<-- must be unchecked

Sessions settings
[V] Use 2-factor authentication for SSH gateways                    <-- must be checked 

You should always create a new connection in MobaXterm by clicking

Session => SSH/SFTP/SCP/<whatever>

Enable syncing: y
Update Pasteboard when CLIPBOARD changes: n
Update CLIPBOARD when Pasteboard changes: y
Update PRIMARY (middle-click) when Pasteboard changes: y
Update Pasteboard immediately when new text is selected: n

If you try using ssh-type commands in the MobaXterm terminal window, 2-factor authentication will fail.

SFTP Client Configurations

In order to use most FTP/SFTP clients on a 2 factor system you will need to limit the maximum simultaneous connections to avoid multiple login prompts. You should also set up Entrust as your Two-Factor Authentication method. 
Here you can see how to setup the mostly used clients. 

Filezilla - free FTP solution

Go to Edit->Settings->Transfers 
Change Maximum simultaneous transfers to 1

Go to File->Site Manager->(your profile)->Transfer settings
Check Limit number of simultaneous connections
Change Maximum number of connections to 1
Change Login type to Interactive

WinSCP - Free SFTP. SCP, S3 and FTP client for Windows

Seems to be a good solution for Windows.

Cyberduck - storage browser for Mac and Windows

Go to Edit->Preferences->Transfers
Change Transfer Files to Use browser connection

Right click your profile and select Edit Bookmark
Change Transfer Files to Use browser connection

Login access restrictions

Please note that for reasons of security, SSH login access is only possible from the known Internet domains of authorized users.

If your connection terminates unexpectedly

If you are connecting to Computerome though a slightly unstable connection (Internet/WAN/similar), you may experience that it terminates with messages like

packet_write_wait: ... Broken pipe error.

In such a case you could try adding the following to your ~/.ssh/config

ServerAliveInterval 60

If you are on Windows, using PuTTY, the equivalent is to set

PuTTY Configuration => Connection => Seconds between keepalives (0 to turn off): 60

To install your ThinLinc client, download the suitable installation file and follow the wizard. Type desktop.computerome.dk into Server field. Provide your Computerome 2.0 user name and password and press Connect.

Press Continue, when the below window pops-up.

Press OK in the Login Banner window. After this a pop-up window will request the pass code for the 2-factor authentication.

ThincLinc Clients for Computerome 2.0

Thinlinc Client is available from Cendio download page. 

Computerome 2.0 requires two-factor authentication for access:

• User name is sent to you in email.
• For first factor authentication, use the temporary password sent to you in SMS. Change it at first login using passwd command.
• For second factor authentication, use:
  • Either the passcode sent to you in SMS (the default option)
  • Or install the Entrust IdentityGuard soft token on your mobile.

Setting up the Entrust Identity soft token

On your mobile phone:

1. Open Google Play or Apple App Store, and install the Entrust Identity app.

On your computer:

2. Open a web browser and go to: https://ssm.computerome.dk/IdentityGuardSelfService/authenticate/firstFactorAuthentication

3. Click on the “Let me use an OTP to log in” link in the bottom line.

4. Type your personal Computerome 2.0 user name (sent to you in mail) into the User Name field. Press OK.

5. Click OK to the OTP (one-time password). This will send a code to your mobile phone in SMS.

6. Type the code received in SMS into the field. Press OK.

7. Press Yes in the next panel, as you already installed Entrust Identity application on your mobile phone in the very first step.

8. Select option 3 in the next panel saying, “I want to activate a soft token identity on a mobile device that may not be connected to the internet”. Press Next. The QR code will pop up in the browser.

On your mobile phone:

9. Open the Entrust Identity app on your mobile phone.

10. In the top left corner open the menu and select Scan QR Code menu item. This will activate the camera on your phone.

11. Use the camera to scan the QR code displayed in the web browser on your computer. When the mobile app reads to QR code, a field for the password pops up.

12. Enter the code in red letters displayed below the QR code in the web browser on your computer. Press OK.

13. The Activation Summery shows up in your app. Press Activate in the upper right corner.

14. Create the four digit PIN for accessing the Entrust Identity app on your mobile in the future.

15. You have successfully activated the soft token on your mobile phone.

16. The generated security code for the second factor authentication is shown in the mobile app.

On your computer:

17. Press Next in the browser. The below message is expected to be displayed in the browser.

18. Press Next, then Done in the browser. The soft token has been successfully activated. You may close the browser.

Background

Every user on Computerome has a HOME directory (/home/people/<user>), which contains for instance environment setup and everything else which is considered strictly user specific. For security reasons, HOME directory permissions are set (and enforced) so that only the user has access. Home directories are free of charge and limited to 10 GB. 

$ ls -ld /home/people/lifsci
drwx------ 5 lifsci lifsci 235 Jun 24 10:17 /home/people/lifsci

Because users will sometimes switch projects, graduate, change employment, etc., no project data or anything else project related should ever be kept in the HOME directory, but must be maintained in the Projects structure.

Projects in Computerome are identified by the following information:

• <PROJECT>
  How the project is known to the world; usually also funding the project.
• <project_NAME>
  How the project is referenced in DTU and Computerome; also the top-level name for the projects directory structure
• <group_NAME>
  Official id assigned for the project by DTU Basen; this <group_NAME> is also the UNIX group, that controls the projects access to resources.Each individual <user> must be a member of Unix group <group_NAME> to be able to access data and submit jobs in the project.Individual <user>'s are added to or removed from Unix group <group_NAME>, depending on whether they should work in the project or not.

It is recommended, that <project_NAME> corresponds to the <PROJECT> that is funding the project.

In most cases (but not always) <group_NAME> and <project_NAME> will be the same, and have a format similar to pr_xxxxx or ku_xxxxx; for example pr_12345.
The simplest way to make sure is to first check your group memberships with the id command, and look for group(s) that do not match uid/gid:

$ id
uid=12321(lifsci) gid=12321(lifsci) groups=12321(lifsci),2345(pr_12345),4321(pr_54321)

and then look for those groups in the /home/project/ directories:

$ ls -l /home/project | grep -e pr_12345 -e pr_54321
drwxr-x---   8 lifsci   pr_12345   147 Jan 19 12:45 pr_12345
drwxr-x---   4 lifsci   pr_54321    48 Sep 26 12:27 pr_54321

To give <user> access to cluster data, batch jobs must be submitted with parameters '-W group_list=<group_NAME>' and '-A <group_NAME>' , where '-A' supplies account information for use in Moab Accounting Manager (MAM).

Project file structure

New projects are created with the following default directory structure:

/home/projects/<project>
./apps
./apps/modulefiles
./archive
./data
./people/<user>
./scratch

The recommended usage is as follows:

• /home/projects/<project>
  projects HOME directory
• ./apps
  project specific applications - used when the project, for whichever reason, can not use the standard application provided in for instance /services/tools.(Common candidates include: anaconda, perl, qiime, R, ncbi-blast, samtools, bamtools, bedtools, java)
• ./apps/modulefiles
  project specific modulefiles./archive./dataproject specific data
• ./people/<user>
  each project members private, project related stuff (data, scripts, etc.)
• ./scratch
  temporary or easily re-creatable data - using this may significantly decrease size and improve speed of backups.
  NOTE: Will not be backed up and will not be archived with project.

This directory structure has been selected to ease close-down at the end of a project.

As Computerome 2.0 does not provide cold storage (data retention) services, the project owners are expected to remove retired data from Computerome 2.0 after computation completion or project termination.

Database structure

Computerome also supplies access to a series of read-only reference databases.

/home/databases

For further information, please see Installed Software page.

Compute resources in the cluster is accessed through a batch system, consisting of Moab Workload Manager and Torque Resource Manager.

Submitting jobs from the login node is described in Batch System.

For further information, please see Installed Software page.

usage -u will provide information for yourself.

$ module load tools usage_script/2.0
$ usage -u
Usage report for <lifsci>
From 2016-01-04 to 2016-05-30
Account          CPU Hours       Jobs
-------------------------------------
pr_12345:         14832.89         13
pr_23451:         13018.72       2347
pr_34512:         26585.01        729
pr_45123:        264068.02       3248
-------------------------------------
Total:           318504.64       6337

usage -a <account> will provide information for any account you are member of.

$ usage -a pr_45123
Usage report for pr_45123
From 2016-01-03 to 2016-05-30
Users            CPU Hours       Jobs
-------------------------------------
<lifsci>:        264068.02       3248
<user1>:            521.38        552
<user2>:          14980.62       5599
<user3>:         282747.90       5867
-------------------------------------
Total:           610066.25      43674

Beginner Computerome Workshops

ComputeromeUserWorkshop_SlideDeck_03/03/2022.pptx

ComputeromeUserWorkshop_SlideDeck_10/03/2021.pdf

Workshops and Courses on Request

We organize training courses and workshops on request. Please contact us at computerome@dtu.dk. 

Hackinars in Computerome 

Try the self-help guide from the Hackinars in Computerome 

Hackinars_in_Computerome_07/03/2016-wiki.pdf

Hackinars_in_Computerome_07/03/2016-wiki.pptx

(please note that some information may be outdated)