Access: Difference between revisions

From NU HPC Wiki
Jump to navigation Jump to search
VisualWikitext
No edit summary
No edit summary
 
(42 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Getting an account ==
== Getting an account ==
Getting an account and using NU HPC facilities is free of charge for all NU faculty, research assistants, and students. However, opening an account for a research assistant or student requires sponsorship/authorization by their PI (Principal Investigator of a research project; typically a faculty member or head of a lab). Therefore, no accounts will be created at the direct request of a student or RA. The procedure must be initiated by the PI. It is assumed that the PIs take '''full responsibility''' for the proper use of the HPC facilities by their group members and their compliance with basic cybersecurity rules.
Access to NU HPC facilities is free of charge for all NU faculty, research assistants, and students. However, accounts for research assistants and students must be sponsored and authorized by their PI (Principal Investigator—typically a faculty member or lab head). Accounts cannot be created at the direct request of students or research assistants; the request must always be initiated by the PI. PIs are expected to take '''full responsibility''' for the proper use of HPC facilities by their group members, including compliance with cybersecurity and acceptable-use policies. All NU HPC users must have a valid nu.edu.kz corporate email address.


Below are step-by-step instructions for PIs to request new accounts for themselves and their group members. Please be aware that all users must have a valid nu.edu.kz corporate email address.
Below are step-by-step instructions for PIs to request new accounts for themselves and/or their group members:


# To create a new group on Shabyt cluster, under which group member accounts may be added later, the PI should fill out the corresponding form in the [https://helpdesk.nu.edu.kz/support/catalog/items/326 ticketing system]. Instructions for creating a request in the ticketing system can be found [https://helpdesk.nu.edu.kz/support/catalog/items/326 here]. If, at the time of filling out this form, the PI already knows who of his group members need accounts on Shabyt, he/she can indicate the names, emails, and positions of these people right in that form. Please note that the form must be filled by the PI only, regardless of the fact who the accounts are for and how many of them need to be created. Group members cannot request accounts by themselves.
# To create a new group on NU HPC clusters (to which member accounts can later be added), the PI must complete the form in the [https://helpdesk.nu.edu.kz/support/catalog/items/326 NU IT Helpdesk ticketing system]. Instructions for submitting this request are provided on the same Helpdesk page. If, at the time of submission, the PI already knows which research group members require accounts on Shabyt, their names, emails, and positions may be included directly in the form. Please note that '''only the PI may complete this form''', regardless of how many accounts are requested or who they are for. Group members are not permitted to request accounts or submit forms on their own.
# NU HPC team will process the application form and approve/reject it based on the information provided.
# The NU HPC team will review the application form and approve or reject it based on the information provided.
# When the application is approved, a username, temporary password, and first time login instructions will be communicated by the HPC administrator to each new user individually.
# Once approved, each new user will receive their username, a temporary password, and first-time login instructions directly from an HPC administrator.
# Having the credentials received from the HPC admins, users should connect to the cluster(s) where they have accounts by means of the SSH (secure shell) protocol. No other connection type is supported. Copying files to/from the cluster(s) can be done either via SFTP (secure ftp) or SCP (secure copy) command.
# If there is a need to add or remove group member accounts under a specific PI after the initial group has been created, the PI may submit a request through the [https://helpdesk.nu.edu.kz/support/catalog/items/272 NU Helpdesk ticketing system] (select ''HPC User Management'' in the drop-down menu) or by contacting the HPC administrators at [mailto:hpcadmin@nu.edu.kz hpcadmin@nu.edu.kz]. For new account requests, the PI must provide all required information about each group member (full name, email, position, and phone/messenger number).
# The PI assumes full responsibility for the proper use of the HPC systems by the group members. Use for non-research purposes, irresponsible actions that may lead to the damage or malfunctioning of the system, and abuse of NU cybersecurity policies may lead to account suspension and further administrative procedures. If the PI cannot take responsibility for the group members then he/she should not request accounts for them.
 
# In the case if there is a need to add or remove a group member account under a specific PI after the initial setup (after the form was filled), the PI should contact HPC admin via email [mailto:hpcadmin@nu.edu.kz hpcadmin@nu.edu.kz]. If new accounts are to be added, the PI must provide all the necessary information about the new group members (i.e. name, email, position).
Important notes:
 
* The PI assumes full responsibility for the proper use of HPC systems by their group members. If the PI cannot or does not wish to take this responsibility, they should not request accounts for them. 
* Use of NU HPC resources must comply with the [[Acceptable Use Policy]]. Non-research activities, irresponsible actions that could damage or disrupt the system, or violations of NU cybersecurity policies may result in account suspension and further administrative action.
* As stated in the [[Acceptable Use Policy]], account sharing is strictly prohibited. The PI must request a separate account for each group member—a process that is quick and straightforward. To facilitate collaboration, a shared directory is automatically created for each group on our HPC clusters: <code>/zdisk/<groupname></code>. This directory can be used by group members to exchange files and data securely.


== Access instructions ==
== Access instructions ==


==== Use of VPN ====
=== Use of VPN ===
Only direct connections that originate from the internal campus network are allowed at this time. Users who connect from outside of campus must use VPN (Virtual Private Network) to access NU HPC facilities. This requires downloading and installing GlobalProtect VPN software. Please go to [https://helpdesk.nu.edu.kz/support/home NU Help Desk] and type <code>VPN</code> in the search box. There should be a form that requests VPN access by NU employees and RAs (an approval by the PI may be required). Read the corresponding instructions, which are also available there. Please keep in mind that NU VPN policies may change with time. Also note that NU HPC team does not manage VPN access of the employees and is not responsible for its operation. For any issues and inquiries regarding VPN please contact NU Help Desk directly by submitting a ticket through the ticketing system. Please remember that the VPN access is necessary only if you are outside of the NU campus network. If you connect from campus you do not need to use any VPN software (in fact, you will not be able to establish a VPN connection then).   
Access to NU HPC facilities is currently restricted to connections originating from the internal campus network. Users connecting from outside the campus must use a VPN (Virtual Private Network). At NU, this requires the <code>GlobalProtect</code> VPN client.   


Note that using GlobalProtect corporate VPN is somewhat different from using consumer VPN products such as NordVPN, Surfshark, ExpressVPN, etc. While the latter ones typically route ''all'' your network connections through one of their servers, which may result in significantly reduced data transmission speeds, running GlobalProtect VPN on your computer or device does not affect any of your connections with hosts located outside of NU (e.g. Youtube in a web browser). GlobalProtect VPN just enables secure connections with hosts that are located on NU local network, as if you were sitting on NU campus. Thus, running GlobalProtect VPN in background should not affect your common internet activities, such as reading news, listening podcasts, or watching videos. Neither it should affect your SSH connections with external hosts that do not belong to NU network. Therefore you can leave GlobalProtect VPN on at all times on your computer.  
To request VPN access: 
* Visit the [https://helpdesk.nu.edu.kz/support/home NU IT Helpdesk] and type <code>VPN</code> in the search box.
* Fill out the VPN access request form (available for NU employees and research assistants; PI approval may be required).
* Follow the instructions provided on the Helpdesk page.


==== Hosts ====
Please note: 
* NU VPN policies are subject to change. 
* The NU HPC team does '''not''' manage VPN accounts and is not responsible for their operation. For all VPN-related issues, contact the NU Helpdesk directly by submitting a support ticket. 
* VPN access is required only when connecting from '''outside''' the NU campus network. On campus, VPN is unnecessary—and in fact, a VPN connection cannot be established. 
 
GlobalProtect corporate VPN differs significantly from consumer services such as NordVPN, Surfshark, or ExpressVPN. Consumer VPNs typically route ''all'' of your internet traffic through an external server, which can reduce bandwidth and slow down general browsing. By contrast, GlobalProtect VPN only secures connections to hosts located on the NU internal network, making your device behave as if it were physically on campus. It does not affect regular internet traffic to external sites (e.g., YouTube, online news, or podcasts), nor does it interfere with SSH connections to non-NU hosts. Because of this, you may safely leave GlobalProtect VPN running in the background at all times without impacting your everyday internet activities.
 
=== Hosts ===
When a user is on the campus network or connected to it via VPN, he/she should use the SSH protocol (with the default port 22) to establish a connection with the interactive login/management node of the system they intend to use. The IP addresses of the login nodes are as follows:
When a user is on the campus network or connected to it via VPN, he/she should use the SSH protocol (with the default port 22) to establish a connection with the interactive login/management node of the system they intend to use. The IP addresses of the login nodes are as follows:
{| class="wikitable"
{| class="wikitable"
Line 25: Line 39:
!Numeric IP address
!Numeric IP address
!Host name
!Host name
|-
|Irgetas cluster
|<code>172.25.1.32</code>
|<code>irgetas</code>
|-
|-
|Shabyt cluster
|Shabyt cluster
|10.3.64.61
|<code>10.3.64.61</code>
|shabyt
|<code>shabyt</code>
|-
|-
|Muon cluster
|Muon cluster
|10.3.64.46
|<code>10.3.64.46</code>
|muon
|<code>muon</code>
|}
|}


==== Two-factor authentication ====
=== Two-factor authentication ===
Access to NU HPC systems requires two-factor authentication, i.e. you will be prompted your password (first factor) and a six-digit PIN code (second factor). Before you login for the first time, you will need to add a token to your mobile phone. Each new user receives a username, password, and QR code through email by the NU HPC admin. Please follow the following steps:
Access to NU HPC systems requires two-factor authentication (2FA). You will be prompted to enter your password (first factor) and a six-digit PIN code (second factor). Before your first login, you must add a token to your mobile phone. Each new user receives a username, temporary password, and a QR code by email from the NU HPC administrator. Please follow the following steps:


# Open the App Store on your iOS device or Google Play Store on your Android device.
# Open the App Store on your iOS device or Google Play Store on your Android device.
Line 43: Line 61:
# After setup is complete, you will be able to use the Google Authenticator app to generate a verification code when prompted during the login process. Please scan the QR code that is sent to you.
# After setup is complete, you will be able to use the Google Authenticator app to generate a verification code when prompted during the login process. Please scan the QR code that is sent to you.


==== SSH client software ====
=== SSH client software ===
There is a multitude of free and powerful third-party SSH clients available for any operating system. Moreover, Windows, Linux, and MacOS all have native SSH clients built directly into the command line. For example, in Windows, one can just launch the command prompt (press Windows+R keys, type cmd.exe, and hit enter) and initiate an SSH session from there by typing <code>ssh myusername@shabyt</code> or <code>ssh myusername@10.3.64.61</code>. You will be prompted to confirm the authenticity of the host (only when you connect for the first time) by typing ''yes'', and then enter your first factor (password) and second factor (6-digit PIN shown in Google Authenticator app on your phone)  
There are many free and powerful third-party SSH clients available for all major operating systems. In addition, Windows, Linux, and macOS each include a native SSH client accessible directly from the command line.
For example, in Windows you can simply open the Command Prompt (press <code>Windows</code>+<code>R</code>, type <code>cmd.exe</code>, and press Enter) and start an SSH session by typing: <code>ssh yourusername@shabyt</code>
or <code>ssh yourusername@10.3.64.61</code>. On your first connection, you will be asked to confirm the authenticity of the host by typing <code>yes</code>. You will then be prompted to enter your password (first factor) followed by the six-digit PIN from the Google Authenticator app on your phone (second factor)


[[File:Cmd connect 1.png|frameless|447x447px]] [[File:Cmd connect 2.png|frameless|447x447px]]
[[File:Cmd connect 1.png|frameless|447x447px]] [[File:Cmd connect 2.png|frameless|447x447px]]


If you wish to use a SSH client with a graphical user interface on Windows, we can recommend PuTTY, which can be downloaded from [https://url.com here]. Here is an illustration how you can connect with PuTTY:
If you prefer to use an SSH client with a graphical user interface on Windows, we recommend [https://www.putty.org/ PuTTY]. The following illustration shows how to connect using PuTTY: 
 
* In the PuTTY configuration window, enter <code>10.3.64.61</code> (the IP address of the Shabyt login node) in the <code>Host Name</code> field. 
* Under <code>Connection type</code>, select <code>SSH</code>. 
* Click the <code>Open</code> button. 
* On your first connection, PuTTY will display a security alert. Confirm it by clicking <code>Accept</code>. 
* A terminal window will open, prompting you to enter your username. Type your username and press <code>Enter</code>. 
* You will then be asked to enter your two authentication factors:
** First factor: your password 
** Second factor: the six-digit PIN generated by the Google Authenticator app on your phone 


* In the PuTTY configuration window, enter 10.3.64.61 (the IP address of the Shabyt login node) in field "Host Name"
* Choose the field "Connection type" choose SSH
* Press the "Open" button
* When connecting for the first time, PuTTY will show a security alert. Accept it by pressing the "Accept" button
* Next a terminal will prompt you to enter your username. After your entering your username press enter
* You will be prompted to enter your first factor (password) and second factor (6-digit PIN shown in Google Authenticator app on your phone)


[[File:Putty.png|frameless|285x285px]] [[File:Known host.png|frameless|408x408px]] [[File:Login as.png|frameless|406x406px]]
[[File:Putty.png|frameless|285x285px]] [[File:Known host.png|frameless|408x408px]] [[File:Login as.png|frameless|406x406px]]


==== Transferring files ====
=== Transferring files ===
You can transfer files between your personal computer and HPC clusters using the <code>scp</code> command in the terminal. This command operates similar to the standard Linux <code>cp</code> command, but it allows you to specify a remote address/location in place of the source or destination file. For example, if you wish to copy a file called <code>myfile.dat</code> located in directory <code>/my/local/path/</code> on your computer to a directory called <code>/my/remote/path/</code> that is located inside your home directory on Shabyt cluster you can type the following command in the terminal:   
Files can be transferred between your personal computer and the HPC clusters using the <code>scp</code> command in the terminal. This command works like the standard Unix <code>cp</code> command, but allows you to specify a remote address as the source or destination. For example, to copy a file called <code>myfile.dat</code> from the local directory <code>/my/local/path/</code> on your computer to the remote directory <code>my/remote/path/</code> inside your home directory on the Shabyt cluster, use:   


<code>scp /my/local/path/myfile.dat john.smith@shabyt:~/my/remote/path/</code>  
<code>scp /my/local/path/myfile.dat john.smith@shabyt:~/my/remote/path/</code>


where <code>john.smith</code> is your Shabyt username and the tilde sign <code>~</code> is a short substitute for your remote home directory path (in the case of Shabyt the tilde is equivalent to <code>/shared/home/john.smith</code>).
Here, <code>john.smith</code> is your Shabyt username, and the tilde <code>~</code> is shorthand for your remote home directory path. On Shabyt, this corresponds to <code>/shared/home/john.smith</code>, so the full destination path would be <code>/shared/home/john.smith/my/remote/path</code>.  


As an alternative to <code>scp</code>, you can invoke the <code>sftp</code> command line utility (similar to the standard and unencrypted <code>ftp</code>) that uses Secure File Transfer Protocol (SFTP) for remote file operations.   
As an alternative to <code>scp</code>, you can use the <code>sftp</code> command-line utility. This works like the traditional (but insecure) <code>ftp</code> command, but uses the Secure File Transfer Protocol (SFTP) for encrypted transfers.   


If you prefer a graphical user interface for file transfer, there is a multitude of free and commercial SFTP or SCP clients. One of the most popular clients with graphical interface that supports the SFTP protocol is FileZilla. It can be downloaded from [https://filezilla-project.org/ here].
If you prefer a graphical interface for file transfer, there are many free and commercial SFTP and SCP clients available. A widely used option that supports SFTP on all major operating systems is [https://filezilla-project.org/ FileZilla]. For Microsoft Windows users, another popular choice is [https://winscp.net/ WinSCP].


__FORCETOC__
__FORCETOC__

Latest revision as of 00:26, 27 September 2025

Getting an account

Access to NU HPC facilities is free of charge for all NU faculty, research assistants, and students. However, accounts for research assistants and students must be sponsored and authorized by their PI (Principal Investigator—typically a faculty member or lab head). Accounts cannot be created at the direct request of students or research assistants; the request must always be initiated by the PI. PIs are expected to take full responsibility for the proper use of HPC facilities by their group members, including compliance with cybersecurity and acceptable-use policies. All NU HPC users must have a valid nu.edu.kz corporate email address.

Below are step-by-step instructions for PIs to request new accounts for themselves and/or their group members:

  1. To create a new group on NU HPC clusters (to which member accounts can later be added), the PI must complete the form in the NU IT Helpdesk ticketing system. Instructions for submitting this request are provided on the same Helpdesk page. If, at the time of submission, the PI already knows which research group members require accounts on Shabyt, their names, emails, and positions may be included directly in the form. Please note that only the PI may complete this form, regardless of how many accounts are requested or who they are for. Group members are not permitted to request accounts or submit forms on their own.
  2. The NU HPC team will review the application form and approve or reject it based on the information provided.
  3. Once approved, each new user will receive their username, a temporary password, and first-time login instructions directly from an HPC administrator.
  4. If there is a need to add or remove group member accounts under a specific PI after the initial group has been created, the PI may submit a request through the NU Helpdesk ticketing system (select HPC User Management in the drop-down menu) or by contacting the HPC administrators at hpcadmin@nu.edu.kz. For new account requests, the PI must provide all required information about each group member (full name, email, position, and phone/messenger number).

Important notes:

  • The PI assumes full responsibility for the proper use of HPC systems by their group members. If the PI cannot or does not wish to take this responsibility, they should not request accounts for them.
  • Use of NU HPC resources must comply with the Acceptable Use Policy. Non-research activities, irresponsible actions that could damage or disrupt the system, or violations of NU cybersecurity policies may result in account suspension and further administrative action.
  • As stated in the Acceptable Use Policy, account sharing is strictly prohibited. The PI must request a separate account for each group member—a process that is quick and straightforward. To facilitate collaboration, a shared directory is automatically created for each group on our HPC clusters: /zdisk/<groupname>. This directory can be used by group members to exchange files and data securely.

Access instructions

Use of VPN

Access to NU HPC facilities is currently restricted to connections originating from the internal campus network. Users connecting from outside the campus must use a VPN (Virtual Private Network). At NU, this requires the GlobalProtect VPN client.

To request VPN access:

  • Visit the NU IT Helpdesk and type VPN in the search box.
  • Fill out the VPN access request form (available for NU employees and research assistants; PI approval may be required).
  • Follow the instructions provided on the Helpdesk page.

Please note:

  • NU VPN policies are subject to change.
  • The NU HPC team does not manage VPN accounts and is not responsible for their operation. For all VPN-related issues, contact the NU Helpdesk directly by submitting a support ticket.
  • VPN access is required only when connecting from outside the NU campus network. On campus, VPN is unnecessary—and in fact, a VPN connection cannot be established.

GlobalProtect corporate VPN differs significantly from consumer services such as NordVPN, Surfshark, or ExpressVPN. Consumer VPNs typically route all of your internet traffic through an external server, which can reduce bandwidth and slow down general browsing. By contrast, GlobalProtect VPN only secures connections to hosts located on the NU internal network, making your device behave as if it were physically on campus. It does not affect regular internet traffic to external sites (e.g., YouTube, online news, or podcasts), nor does it interfere with SSH connections to non-NU hosts. Because of this, you may safely leave GlobalProtect VPN running in the background at all times without impacting your everyday internet activities.

Hosts

When a user is on the campus network or connected to it via VPN, he/she should use the SSH protocol (with the default port 22) to establish a connection with the interactive login/management node of the system they intend to use. The IP addresses of the login nodes are as follows:

System Numeric IP address Host name
Irgetas cluster 172.25.1.32 irgetas
Shabyt cluster 10.3.64.61 shabyt
Muon cluster 10.3.64.46 muon

Two-factor authentication

Access to NU HPC systems requires two-factor authentication (2FA). You will be prompted to enter your password (first factor) and a six-digit PIN code (second factor). Before your first login, you must add a token to your mobile phone. Each new user receives a username, temporary password, and a QR code by email from the NU HPC administrator. Please follow the following steps:

  1. Open the App Store on your iOS device or Google Play Store on your Android device.
  2. Search for and install the Google Authenticator (App Store) or Google Authenticator (Google Play Store)
  3. Once installed, open the app and follow the on-screen instructions to set it up.
  4. After setup is complete, you will be able to use the Google Authenticator app to generate a verification code when prompted during the login process. Please scan the QR code that is sent to you.

SSH client software

There are many free and powerful third-party SSH clients available for all major operating systems. In addition, Windows, Linux, and macOS each include a native SSH client accessible directly from the command line. For example, in Windows you can simply open the Command Prompt (press Windows+R, type cmd.exe, and press Enter) and start an SSH session by typing: ssh yourusername@shabyt or ssh yourusername@10.3.64.61. On your first connection, you will be asked to confirm the authenticity of the host by typing yes. You will then be prompted to enter your password (first factor) followed by the six-digit PIN from the Google Authenticator app on your phone (second factor).

If you prefer to use an SSH client with a graphical user interface on Windows, we recommend PuTTY. The following illustration shows how to connect using PuTTY:

  • In the PuTTY configuration window, enter 10.3.64.61 (the IP address of the Shabyt login node) in the Host Name field.
  • Under Connection type, select SSH.
  • Click the Open button.
  • On your first connection, PuTTY will display a security alert. Confirm it by clicking Accept.
  • A terminal window will open, prompting you to enter your username. Type your username and press Enter.
  • You will then be asked to enter your two authentication factors:
    • First factor: your password
    • Second factor: the six-digit PIN generated by the Google Authenticator app on your phone


Transferring files

Files can be transferred between your personal computer and the HPC clusters using the scp command in the terminal. This command works like the standard Unix cp command, but allows you to specify a remote address as the source or destination. For example, to copy a file called myfile.dat from the local directory /my/local/path/ on your computer to the remote directory my/remote/path/ inside your home directory on the Shabyt cluster, use:

scp /my/local/path/myfile.dat john.smith@shabyt:~/my/remote/path/

Here, john.smith is your Shabyt username, and the tilde ~ is shorthand for your remote home directory path. On Shabyt, this corresponds to /shared/home/john.smith, so the full destination path would be /shared/home/john.smith/my/remote/path.

As an alternative to scp, you can use the sftp command-line utility. This works like the traditional (but insecure) ftp command, but uses the Secure File Transfer Protocol (SFTP) for encrypted transfers.

If you prefer a graphical interface for file transfer, there are many free and commercial SFTP and SCP clients available. A widely used option that supports SFTP on all major operating systems is FileZilla. For Microsoft Windows users, another popular choice is WinSCP.


Retrieved from "https://hpc.nu.edu.kz/index.php?title=Access&oldid=1189"