- The Allocation Process
- Encryption Software
- Connecting to NCSA Systems
- NCSA HPC Systems
- Archival Storage System
- Access Methods
1. The Allocation Process
NCSA supports high-performance computing resources that are allocated to
eligible principal investigators through a peer-review process.
To best serve the needs of all users, TeraGrid employs a multi-tiered
allocations process.
Details on the allocations process,
eligibility requirements for principal investigators, the application
process for the allocation levels, and the proposal deadlines are
located on the
TeraGrid
Allocations page.
Information for local users (non TeraGrid) of NCSA resources is
available at the
NCSA
Allocations page.
2. Encryption Software
NCSA has a history of establishing and maintaining a
high degree of security on the available high-performance systems and
on the networks that connect to those systems. This aggressive policy
seeks to identify and address potential or real security breaches,
and the result is a solid high-performance computing environment
with a high level of security.
So-called "clear text passwords" are unencrypted and
unscrambled and thus vulnerable to detection by "sniffers"
on the Internet.
Internet "sniffing" can allow hackers to obtain passwords.
Hackers often use the newly discovered passwords to login to a system.
To prevent sniffing, NCSA has taken the following steps:
- NCSA has eliminated all clear text passwords.
- NCSA requires connections made to its high-performance systems be
made using encryption software such as SSH that eliminates
clear-text logins and passwords.
See the Security page for
NCSA security policy information.
Please see the Connecting to NCSA Systems section
below for details on the various options available.
Additional information on
SSH and
Kerberos
is also available.
If you have questions, please contact the consulting
staff by phone at 217-244-1144 or
by email (consult@ncsa.uiuc.edu).
3. Connecting to NCSA Systems
There are three methods of access to NCSA resources:
SSH with NCSA Kerberos password
SSH with grid certificate authentication
Secure FTP client(GridFTP or Kerberized)
3.1 NCSA HPC Systems
NCSA users can connect to NCSA HPC systems by establishing a secure login
session, by using a Secure Shell (SSH) program with or without
Grid
Credentials supplied by a TeraGrid-approved Certificate Authority.
SSH is a network protocol that allows data to be
exchanged over a secure channel between two computers. SSH is
typically used to log into a remote machine and execute commands, but it
also supports tunneling, forwarding arbitrary TCP ports and X11 connections,
as well as transfer files using the associated secure file copy program (SCP)
and a secure FTP program (SFTP). The majority of all current
Linux/Unix distributions come with an ssh client by default.
3.2 Archival Storage System
NCSA's Mass Storage System (MSS) can be accessed via the same
interface that are available on the NCSA's production compute
resources. Access to MSS from an NCSA computing resource can be
performed using the NCSA's msscmd and mssftp commands.
The MSS page has additional information.
Users can access MSS directly from their local resouce using a ssh
client. Access via grid enabled and secure ftp clients like
UberFTP
and Kerberized FTP clients, continue to be supported. Current Linux/Unix distributions
should have kerberized ftp clients available for installation. The SSH, Kerberized FTP
and Grid FTP Software tables below have additional information, including info on a few
clients for Windows.
3.3 Access Methods
| Computing Systems |
Hostnames |
Access Methods |
Lincoln (*)
[Intel 64 Tesla Cluster] |
lincoln.ncsa.uiuc.edu
login-lincoln.ncsa.teragrid.org |
ssh, scp, sftp,
gsissh, gsiscp, gsisftp,
uberftp,
globus-url-copy,
kerberized ftp |
Abe (*)
[Intel 64 Linux Cluster] |
abe.ncsa.uiuc.edu
login-abe.ncsa.teragrid.org |
ssh, scp, sftp,
gsissh, gsiscp, gsisftp,
uberftp,
globus-url-copy,
kerberized ftp |
Cobalt
[SGI Altix] |
cobalt.ncsa.uiuc.edu
co.ncsa.uiuc.edu
login-co.ncsa.teragrid.org |
ssh, scp, sftp,
gsissh, gsiscp, gsisftp,
uberftp,
globus-url-copy,
kerberized ftp |
Mercury
[IBM IA-64 Linux Cluster] |
tg-login.ncsa.teragrid.org
login-hg.ncsa.teragrid.org |
ssh, scp, sftp,
gsissh, gsiscp, gsisftp,
uberftp,
globus-url-copy,
kerberized ftp |
| Archival Storage System |
Hostnames |
Access Methods |
MSS
[Mass Storage System] |
mss.ncsa.uiuc.edu
mss.ncsa.teragrid.org |
ssh, scp, sftp,
gsissh, gsiscp, gsisftp,
uberftp,
globus-url-copy,
mssftp *, msscmd *,
kerberized ftp |
(*) Abe and Lincoln share login nodes.
Using SSH
| Client Type |
Usage |
| Linux/Unix SSH clients |
ssh -l LoginID HostMachineName
or
ssh LoginID@HostMachineName
|
| Windows SSH clients |
GUI-based apps that have some form of a dialog box
where the user can fill in the info needed to connect
to the target NCSA resource.
|
SSH Software
Note: Java-based clients should work on all java enabled platforms.
| SSH Clients |
Platform |
Description |
Pros  |
Cons  |
| OpenSSH |
 |
OpenSSH is available for Linux/Unix distributions, but
any current Linux/Unix OS should have a ssh client by
default, which should include the standard SSH, SCP and
SFTP functionality. |
- More secure than regular FTP
connection.
- Permits a wide range of capabilities
once the connection has been
established.
|
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP
file transfers.
|
| OpenSSH for Windows |
 |
The OpenSSH for Windows package provides full SSH/SCP/SFTP
support. SSH terminal support provides a
familiar Windows Command prompt, while retaining
Unix/Cygwin-style paths for SCP and SFTP. |
- More secure than regular FTP
connection.
- Permits a wide range of capabilities
once the connection has been
established.
|
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP
file transfers.
|
| SSH Secure Shell |
|
SSH Secure Shell allows you to securely login to remote host computers, to
execute commands safely on a remote computer, and to provide secure encrypted
and authenticated communications between two hosts in an untrusted network.
X11 connections and arbitrary TCP/IP ports can also be forwarded over the
secure channel, expanding SSH Secure Shell’s usability even further. |
- More secure than regular FTP
connection.
- Permits a wide range of capabilities
once the connection has been
established.
|
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP
file transfers.
|
| Tunnelier |
|
Tunnelier is a SSH and SFTP client for Windows which incorporates,
a graphical SFTP client, terminal emulation with support for the bvterm, xterm,
and vt100 protocols, support for single sign-on using SSPI (GSSAPI) Kerberos 5
and NTLM user authentication, as well as Kerberos 5 host authentication, support
for RSA and DSA public key authentication with comprehensive user keypair
management, SSH port forwarding capabilities, including dynamic forwarding through
integrated SOCKS and HTTP CONNECT proxy. |
- More secure than regular FTP
connection.
- Permits a wide range of capabilities
once the connection has been
established.
- Scriptable command-line SFTP client (sftpc)
- Scriptable command-line remote execution
client (sexec) and a command-line terminal
emulation client (stermc)
- FTP-to-SFTP bridge allowing you to connect
to an SFTP server using legacy FTP applications
|
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP
file transfers.
|
| PuTTY |
|
Putty is an SSH client which allows you to log into a remote
resources running SSH servers. Using SSH you can
upload/download files between your local machine and the remote
resource. |
- More secure than regular FTP
connection.
- Permits a wide range of capabilities
once the connection has been
established.
- Third-party GUI front ends can use this
client's sftp and scp functionality.
|
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP
file transfers.
|
GSI-SSHTerm
(Java-based) |
|
A Grid Security Interface (GSI) enabled SSH terminal
application based on the SSHTools suite.
Users can use GSI-SSHTerm as an easy way of connecting
to the Grid(GSI-SSH) enabled resources. |
- More secure than regular FTP connection.
- Permits a wide range of capabilities
once the connection has been established.
- GUI-based sftp & scp client
- Java based client works on any java capable platform.
- Drag and Drop UpLoad Functionality.
- Single Sign On functionality
A mechanism that allows users to type
a single password once and then allows
the user to connect to multiple remote
resources without having to type any
additional passwords.
|
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP file transfers.
- No Drag and Drop DownLoad functionality.
|
MyProxy-logon
with
Globus ToolKit
|
|
Grid Client Software Suite/Packages(Linux/Unix only) that
allows users to interact remotley with Grid enabled machines. |
- More secure than regular FTP connection.
- Permits a wide range of capabilities
once the connection has been established.
- Single Sign On functionality
A mechanism that allows users to type
a single password once and then allows
the user to connect to multiple remote
resources without having to type any
additional passwords.
- Customizable installations
(able to only install what you need).
|
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP
file transfers.
- Number of prerequisites can be large
and the installation/configuration
can become complex.
- No support for Windows.
|
Using Secure FTP Client to access MSS
| Client Type |
Usage |
| Linux/Unix FTP clients |
ftp mss.ncsa.uiuc.edu
or at the ftp prompt:
ftp> open mss.ncsa.uiuc.edu
|
| Windows FTP clients |
GUI-based apps that have some form of a dialog box
where the user can fill in the info needed to connect
to NCSA's MSS.
|
|
