Skip to end of metadata
Go to start of metadata

Computerome requires 2-Factor authentication for access, using Entrust IdentityGuard Mobile app from Google Play or Apple App Store.


To register the Google Authenticator on our system please contact Computerome support and request a QR code.

Courses

Need help try a course

or a Video

Differences between Computerome 1.0 and Computerome 2.0

Computerome 2.0 has been built with similar principles and technologies, as Computerome 1.0. Those users, who will migrate their Computerome 1.0 projects to the new cluster, will experience the following differences:

  • The 2-factor authentication happens with either SMS codes or the Entrust IdentityGuard soft token. See the guide on how to set up this soft token. No other soft tokens (e.g. Google Authenticator) are available for Computerome 2.0.  

  • The virtual desktop solution relies on the regular ThinLinc client, which can be downloaded from Cendio’s website. Read more on this here.

  • Changes in the default project directory structure compared to the one in Computerome 1.0:

    • /home/projects/archive is removed. Computerome 2.0 does not provide archiving services.

    • /home/projects/<project>/backup has been created. In Computerome 2.0, only the data physically stored in the backup directory is backed up for disaster recovery purposes.

    • /home/people/<user> has now a 10 GB quote on each personal directory.

  • The support email for Computerome 2.0 changed to computerome@dtu.dk. Computerome 1.0 related requests and incidents remain to be reported to hpc@bio.dtu.dk.

There is no difference between Computerome 1.0 and Computerome 2.0 regarding:



SSH login to Computerome 2.0

Authorized users of Computerome 2.0 may log in using SSH version 2 to the interactive front-end node computerome.dk. 

Computerome 2.0 requires two-factor authentication for access:

  • Your user name is sent to you in email.
  • For first-factor authentication, use the temporary password sent to you in SMS. Change it at first login using passwd command.
  • For second-factor authentication, use:
    • either the passcode sent to you in SMS at login attempt (the default option),
    • or install the Entrust IdentityGuard Mobile app on your mobile to receive and approve push notifications. This is how you set up the soft token.


In Computerome 2.0, no other software token (e.g Google Authenticator) is available for second factor authentication, than Entrust IdentityGaurd Mobile app. 

ssh lifsci@ssh.computerome.dk
 
#############################################################
#                                                           #
#                 Welcome to Computerome 2.0                #
#                                                           #
#                         NOTICE !!!                        #
#        This system requires 2-factor authentication       #
#                                                           #
#       To login, type your password and press Enter.       #
#     This sends either an SMS passcode to your mobile      #
#    or a push-notification to Entrust IdentityGuard app.   #
#   If the push-notification times out, a new prompt line   #
#    asks for the 8 digit security code shown in the app.   #
#                                                           #
#           BY LOGGING INTO THIS SYSTEM YOU ACCEPT          #
#         COMPUTEROME'S TERMS AND CONDITIONS OF USE.        #
#                                                           #
#############################################################
 
Password: #Type your password here and press Enter, this will trigger the second-factor authentication and the cursor will pop up in the next line.
 
_ #Confirm the second-factor authentication request here by either entering the passcode received in SMS or confirming the Entrust push-notification on your mobile.
 
Enter a response from your token with serial number 06679-04429. #Pops up only when the Entrust push-notification times out. Type the 8 digit Entrust pascode here and press enter.
 
Last login: Fri Jan 10 12:10:38 2020 from <some IP address>
 
[lifsci@g-12-l0002 ~]$

Windows PC users

Windows PC users are recommended to use the free Windows SSH client PuTTY for command-line SSH login to Computerome. If you need to display graphical tools from Computerome on your Windows PC, PuTTY will forward your X11 (a.k.a. X-Windows) display onto your PC.

However, in order to Windows to actually display X11, you need to install an X11 server on your PC. Please, see the excellent X11 on Windows page on Niflheim Wiki for further information.

Several commercial solutions are also available, some even provide bundled SSH and X11 functionality - such as MobaXterm for instance.

MobaXterm and 2-factor authentication

MobaXterm does not "play nice" with 2-factor authentication.

Per default, MobaXterm will open an embedded SFTP browser (called SSH-browser) when you start the terminal; this does not work with 2-factor authentication, since it means that you will attempt to start two different connections simultaneously, resulting in unwanted behavior in your login.

To avoid this, you need to make the following changes to MobaXterm:

Settings => Configuration => SSH

SFTP settings
[ ] Enable graphical SSH-browser									<-- must be unchecked
[ ] Automatically switch to SSH-browser tab after login				<-- must be unchecked

Sessions settings
[V] Use 2-factor authentication for SSH gateways                    <-- must be checked 

On pre-11 versions of MobaXterm:

Settings => Configuration => SSH

SFTP settings
[ ] Use SSH-browser (graphical remote file browser in the sidebar)  <-- must be unchecked

Sessions settings
[V] Use 2-factor authentication for SSH gateways                    <-- must be checked 

On pre-9.3 versions of MobaXterm:

Session settings => SSH => Advanced SSH settings
[ ] Display SFTP browser   <-- must be unchecked
[V] 2-step authentication  <-- must be checked

You should always create a new connection in MobaXterm by clicking

Session => SSH/SFTP/SCP/<whatever>

Copy and paste problems on Computerome X applications when using Xquartz server on Mac

Ensure that your XQuartz → Preferences → Pasteboard settings are:
Enable syncing: y
Update Pasteboard when CLIPBOARD changes: n
Update CLIPBOARD when Pasteboard changes: y
Update PRIMARY (middle-click) when Pasteboard changes: y
Update Pasteboard immediately when new text is selected: n


If you try using ssh-type commands in the MobaXterm terminal window, 2-factor authentication will fail.

SFTP Client Configurations

In order to use most FTP/SFTP clients on a 2 factor system you will need to limit the maximum simultaneous connections to avoid multiple login prompts.
Here you can see how to setup the mostly used clients

Filezilla

Changes has been made in resent versions which means that Quickconnect no longer works with 2 factor authentication

GLOBAL
Go to Edit->Settings->Transfers 
Change Maximum simultaneous transfers to 1
SITE PROFILE / BOOKMARK
Go to File->Site Manager->(your profile)->Transfer settings
Check Limit number of simultaneous connections
Change Maximum number of connections to 1
Change Login type to Interactive

Cyberduck

As of CyberDuck 7.1, it no longer supports 2-Factor authentication.

Due to this, we recommend that you use a different tool, but if you insist to use CyberDuck, you need version 7.0.x.

GLOBAL
Go to Edit->Preferences->Transfers
Change Transfer Files to Use browser connection
SITE PROFILE / BOOKMARK
Right click your profile and select Edit Bookmark
Change Transfer Files to Use browser connection

Login access restrictions

Please note that for reasons of security, SSH login access is only possible from the known Internet domains of authorized users.

If your connection terminates unexpectedly

If you are connecting to Computerome though a slightly unstable connection (Internet/WAN/similar), you may experience that it terminates with messages like

packet_write_wait: ... Broken pipe error.
In such a case you could try adding the following to your ~/.ssh/config
ServerAliveInterval 60
If you are on Windows, using PuTTY, the equivalent is to set
PuTTY Configuration => Connection => Seconds between keepalives (0 to turn off): 60


Virtual desktop

Computerome 2.0 provides a virtual desktop solution based on Cendio ThinLinc. For Computerome 2.0 you need to download the regular ThinLinc client from Cendio’s website - as opposed to the customized ThinLinc clients used for Computerome 1.0. 

To install your ThinLinc client, download the suitable installation file and follow the wizard. Type desktop.computerome.dk into Server field. Provide your Computerome 2.0 user name and password and press Connect.



Press Continue, when the below window pops-up.


Press OK in the Login Banner window. After this a pop-up window will request the pass code for the 2-factor authentication.



Desktop login to Computerome 2.0

Computerome 2.0 provides a virtual desktop solution based on Cendio ThinLinc

ThincLinc Clients for Computerome 2.0

Thinlinc Client is available from Cendio download page. Below are direct links to version 4.10.1.

Several users experience that Gnome UI/UX runs very slow in Thinlinc. It is recommended to use other alternatives, such as Mate.

Loading anaconda module in your login environment will conflict with ThinLinc login - please ensure that your do not do this, if you plan to use ThinLink.

All ThinLinc Clients for Computerome as a single ZIP file

The ThinLinc Client Bundle contains all of the above, plus additional clients for thin clients such as Fujitsu Futro, Wyse, HP, Thinstation and IGEL.


If you get the message "no password configured for VNC Auth", you need to select the following in the ThinLinc Client startup:
[ v ] End existing session


Two-factor authentication


Computerome 2.0 requires two-factor authentication for access:

  • User name is sent to you in email.
  • For first factor authentication, use the temporary password sent to you in SMS. Change it at first login using passwd command.
  • For second factor authentication, use:
    • Either the passcode sent to you in SMS (the default option)
    • Or install the Entrust IdentityGuard soft token on your mobile.


In Computerome 2.0, no other software token is available for second factor authentication, than Entrust IdentityGaurd Mobile app.   


Setting up the Entrust IdentityGuard soft token


On your mobile phone:

1. Open Google Play or Apple App Store, and install the Entrust IdentityGuard Mobile app.

On your computer:

2. Open a web browser and go to: https://ssm.computerome.dk/IdentityGuardSelfService/authenticate/firstFactorAuthentication

3. Click on the “Let me use an OTP to log in” link in the bottom line.

         


It takes app. 10 minutes for the script to enable OTP after user activation. In case you get the below error message 10 minutes after you received the welcome mail, contact computerome@dtu.dk.

4. Type your personal Computerome 2.0 user name (sent to you in mail) into the User Name field. Press OK.

          

5. Click OK to the OTP (one-time password). This will send a code to your mobile phone in SMS.

          

6. Type the code received in SMS into the field. Press OK.

         

7. Press Yes in the next panel, as you already installed Entrust IdentityGuard Mobile application on your mobile phone in the very first step.

         

8. Select option 3 in the next panel saying, “I want to activate a soft token identity on a mobile device that may not be connected to the internet”. Press Next. The QR code will pop up in the browser.

On your mobile phone:

9. Open the Entrust IdentityGuard Mobile app on your mobile phone.

10. In the top left corner open the menu and select Scan QR Code menu item. This will activate the camera on your phone.

11. Use the camera to scan the QR code displayed in the web browser on your computer. When the mobile app reads to QR code, a field for the password pops up.

12. Enter the code in red letters displayed below the QR code in the web browser on your computer. Press OK.

13. The Activation Summery shows up in your app. Press Activate in the upper right corner.

14. Create the four digit PIN for accessing the Entrust IdentityGuard Mobile app on your mobile in the future.

15. You have successfully activated the soft token on your mobile phone.

16. The generated security code for the second factor authentication is shown in the mobile app.


On your computer:

17. Press Next in the browser. The below message is expected to be displayed in the browser.

18. Press Next, then Done in the browser. The soft token has been successfully activated. You may close the browser.



Working in projects


Background

Every user on Computerome has a HOME directory (/home/people/<user>), which contains for instance environment setup and everything else which is considered strictly user specific. For security reasons, HOME directory permissions are set (and enforced) so that only the user has access.

$ ls -ld /home/people/someuser
drwx------ 5 someuser someuser 235 Jun 24 10:17 /home/people/someuser

Because users will sometimes switch projects, graduate, change employment, etc., no project data or anything else project related should ever be kept in the HOME directory, but must be maintained in the Projects structure.

Projects in Computerome are identified by the following information:

  • <PROJECT>
    How the project is known to the world; usually also funding the project.
  • <project_NAME>
    How the project is referenced in DTU and Computerome; also the top-level name for the projects directory structure
  • <group_NAME>
    Official id assigned for the project by DTU Basen; this <group_NAME> is also the UNIX group, that controls the projects access to resources.Each individual <user> must be a member of Unix group <group_NAME> to be able to access data and submit jobs in the project.Individual <user>'s are added to or removed from Unix group <group_NAME>, depending on whether they should work in the project or not.

It is recommended, that <project_NAME> corresponds to the <PROJECT> that is funding the project.

In most cases (but not always) <group_NAME> and <project_NAME> will be the same, and have a format similar to pr_xxxxx or ku_xxxxx; for example pr_12345.
The simplest way to make sure is to first check your group memberships with the id command, and look for group(s) that do not match uid/gid:

$ id
uid=12321(lifesci) gid=12321(lifesci) groups=12321(lifesci),2345(pr_12345),4321(pr_54321)

and then look for those groups in the /home/project/ directories:

$ ls -l /home/project | grep -e pr_12345 -e pr_54321
drwxr-x---   8 pamar   pr_12345   147 Jan 19 12:45 pr_12345
drwxr-x---   4 pawbak  pr_54321    48 Sep 26 12:27 blip

To give <user> access to cluster data, batch jobs must be submitted with parameters '-W group_list=<group_NAME>' and '-A <group_NAME>' , where '-A' supplies account information for use in Moab Accounting Manager (MAM).



Project file structure

New projects are created with the following default directory structure:

/home/projects/<project>
./apps
./apps/modulefiles
./archive
./data
./data/generated
./data/raw
./people/<user>
./review
./scratch

The recommended usage is as follows:

  • /home/projects/<project>
    projects HOME directory
  • ./apps
    project specific applications - used when the project, for whichever reason, can not use the standard application provided in for instance /services/tools.(Common candidates include: anaconda, perl, qiime, R, ncbi-blast, samtools, bamtools, bedtools, java)
  • ./apps/modulefiles
    project specific modulefiles./archive./dataproject specific data
  • ./data/raw
    raw data
  • ./data/generated
    generated data
  • ./people/<user>
    each project members private, project related stuff (data, scripts, etc.)
  • ./scratch
    temporary or easily re-creatable data - using this may significantly decrease size and improve speed of backups.
    NOTE: Will not be backed up and will not be archived with project.
  • ./review
    (sub)sets of data, used for peer-review of articles.

This directory structure has been selected to ease close-down and archiving at the end of a project.



Database structure

Computerome also supplies access to a series of read-only reference databases.

/home/databases



Available software

Software installed on Computerome is managed through Environment Modules, invoked by the 'modules' commands.

For further information, please see Installed Software page.


Directory structure

It is crucial for a well-maintained data management practice, that there is a predefined data structure in the file system and all users in each group follow the guidelines. We differentiate three main data sets in Computerome 2.0:
  1. /home/people/
  2. /home/projects/
  3. /home/databases/


Recommendation for data structure:

./apps: for project specific applications - used when the project cannot use the standard applications provided for instance in /services/tools. Common candidates include: anaconda, perl, qiime, R, ncbi-blast, samtools, bamtools, bedtools, java.

./apps/modulefiles: for project specific module files

./backup: this directory is reserved for a copy of critical data - meaning raw data and scripts. This is the only directory that is backed up for disaster recovery purposes. It is the group owner's responsibility, that a copy of the project related critical files are physically stored in this directory. It is not possible to execute jobs using files in this directory. Note, that backup is not to be mistaken by roll-back. All data stored on Computerome 2.0 can be reverted up to 4 weeks back in the time.  

./data/: reserved for analyses and generated data, this is a general working directory.

./people/<user>: each project members project related content.

./scratch: for temporary data, relevant for some projects only. Changes in this directory are not logged and therefore cannot be reverted either.

In case you used to use Computerome 1.0, you might notice, that the ./archive directory has been removed from the directory tree. As Computerome 2.0 does not provide cold storage (data retention) services, the project owners are expected to remove retired data from Computerome 2.0 after computation completion or project termination.


Files under /home/people/

Each user has their own directory under /home/people/<user>/, which contains the environment setup and everything else which is considered strictly user specific. For security reasons, only the user has access to his/her directory.

Because users might switch projects, graduate, change work places, etc., no project data or anything else project related must be kept in the directory, but must be stored under the project directories instead, under /home/projects/<project_name>/. To enforce this rule in Computerome 2.0, there is a 10 GB quota on this directory.


Project files under /home/projects/ 

All project related data must be stored under /home/projects/<project_name>/. In order to keep a coherent data structure across all projects, each project is created with the same, default directory tree. As each project has different workflows and processes, the structure can be further tailored by adding sub directories.

/home/projects/<project_name>
./apps
./apps/modulefiles
./backup
./data
./people/<user>
./scratch


Reference databases under /home/databases/

Computerome provides access to a list of read-only reference databases under /home/databases/. Feel free to check the available list of data sets and use it in your projects. Users may request the download of additional reference databases by sending the request to computerome@dtu.dk.


Projects structure

Access to data and resources on is controlled through projects, assigned by DTU.

For further information, please see Working in projects page.


Running jobs


In general, and in the interest of the systems stability, jobs should not be run on the login node – it is only used as a platform to submit jobs into the high-performance cluster.

Compute resources in the cluster is accessed through a batch system, consisting of Moab Workload Manager and Torque Resource Manager.

Submitting jobs from the login node is described in Batch System.


Available software

Software installed on Computerome is managed through Environment Modules, invoked by the 'modules' commands.

For further information, please see Installed Software page.


Getting information about your usage of Computerome


To inquire about your usage of Computerome, you can run the usage command, available through the usage_script module

usage -u will provide information for yourself.

$ module load tools usage_script/2.0
$ usage -u
Usage report for <myself>
From 2016-01-04 to 2016-05-30
Account          CPU Hours       Jobs
-------------------------------------
pr_12345:         14832.89         13
pr_23451:         13018.72       2347
pr_34512:         26585.01        729
pr_45123:        264068.02       3248
-------------------------------------
Total:           318504.64       6337

usage -a <account> will provide information for any account you are member of.

$ usage -a pr_45123
Usage report for pr_45123
From 2016-01-03 to 2016-05-30
Users            CPU Hours       Jobs
-------------------------------------
<myself>:        264068.02       3248
<user1>:            521.38        552
<user2>:          14980.62       5599
<user3>:         282747.90       5867
s123924:             76.87         14
salling:             72.32        472
shygop:           11404.77        602
sira:             36023.86      27264
vandam:             170.52         56
-------------------------------------
Total:           610066.25      43674


Courses

Option 1: Hackinars in Computerome

Try the self help guide from the Hackinars in Computerome

Hackinars_in_Computerome-wiki.pdf/

Hackinars_in_Computerome-wiki.pptx



Option 2: Contact Computerome

Computerome organizes courses on request - Contact 




Reporting problems

Please report problems to Computerome support.