- The Allocation Process
- Encryption Software
- Connecting to NCSA Systems
- NCSA HPC Systems
- Archival Storage System
- NCSA Dial-up Services
1. The Allocation Process
NCSA supports high-performance computing resources that are allocated to
eligible principal investigators through a peer-review process.
To best serve the needs of all users, TeraGrid employs a three-tiered
allocations process. This process consists of the Development
Allocation Committee (DAC), Medium Resource Allocations Committee (MRAC),
and Large Resource Allocations Committee (LRAC). Details on the
eligibility requirements for principal investigators, the application
process for all three allocation levels, and the proposal deadlines are
located on the
TeraGrid
Allocations page. Note that a DAC project can be awarded a
maximum of 30,000 service units (SUs) per year. If a PI needs
more than 30,000 SUs on an NCSA machine in a given year,they need to submit
a proposal to the MRAC or the LRAC.
2. Encryption Software
NCSA has a history of establishing and maintaining a
high degree of security on the available high-performance systems and
on the networks that connect to those systems. This aggressive policy
seeks to identify and address potential or real security breaches,
and the result is a solid high-performance computing environment
with a high level of security.
So-called "clear text passwords" are unencrypted and
unscrambled and thus vulnerable to detection by "sniffers"
on the Internet.
Internet "sniffing" can allow hackers to obtain passwords.
Hackers often use the newly discovered passwords to login to a system.
To prevent sniffing, NCSA has taken the following steps:
- NCSA has eliminated all clear text passwords.
- NCSA requires connections made to its high-performance systems be
made using encryption software such as SSH that eliminates
clear-text logins and passwords.
See the Security page for
NCSA security policy information.
Please see the Connecting to NCSA Systems section
below for details on the various options available.
Additional information on
SSH and
Kerberos
information is also available.
If you have questions, please contact the consulting
staff by phone at 217-244-1144 or
by email (consult@ncsa.uiuc.edu).
3. Connecting to NCSA Systems
3.1 NCSA HPC Systems
NCSA users can connect to NCSA HPC systems by establishing a secure login
session, by using a Secure Shell (SSH) program with or without
Grid
Credentials supplied by a TeraGrid-approved Certificate Authority.
SSH is a network protocol that allows data to be
exchanged over a secure channel between two computers. SSH is
typically used to log into a remote machine and execute commands, but it
also supports tunneling, forwarding arbitrary TCP ports and X11 connections,
as well as transfer files using the associated secure file copy program (SCP)
and a secure FTP program (SFTP). The majority of all current
Linux/Unix distributions come with an ssh client by default.
If your system does not recognize the name you enter, contact
NCSA Consulting Services by phone at 217-244-1144 or
by email (consult@ncsa.uiuc.edu).
Staff can tell you the Internet Protocol (IP) address for the HPC system.
(NCSA occasionally changes IP addresses in response to improvements in
network technology. Therefore NCSA strongly recommends that you not use
IP addresses unless absolutely necessary.)
Using SSH
| Client Type |
Usage |
| Linux/Unix SSH clients |
ssh -l LoginID HostMachineName
or
ssh LoginID@HostMachineName
|
| Windows SSH clients |
GUI-based apps that have some form of a dialog box
where the user can fill in the info needed to connect
to the target NCSA resource.
|
SSH Software
Note: Java-based clients should work on all java enabled platforms.
| SSH Clients |
Platform |
Description |
Pros  |
Cons  |
| OpenSSH |
 |
OpenSSH is available for Linux/Unix distributions, but
any current Linux/Unix OS should have a ssh client by
default, which should include the standard SSH, SCP and
SFTP functionality. |
- More secure than regular FTP
connection.
- Permits a wide range of capabilities
once the connection has been
established.
|
- Cannot use this type of client
to connect to MSS (UniTree).
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP
file transfers.
|
| OpenSSH for Windows |
 |
The OpenSSH for Windows package provides full SSH/SCP/SFTP
support. SSH terminal support provides a
familiar Windows Command prompt, while retaining
Unix/Cygwin-style paths for SCP and SFTP. |
- More secure than regular FTP
connection.
- Permits a wide range of capabilities
once the connection has been
established.
|
- Cannot use this type of client
to connect to MSS (UniTree).
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP
file transfers.
|
| TeraTerm Pro SSH |
|
TTSSH is a free SSH client for Windows. It is
implemented as an extension DLL for Teraterm Pro.
Teraterm Pro is a superb free terminal emulator/telnet client
for Windows, and its source is available. TTSSH
adds SSH capabilities to Teraterm Pro without sacrificing any
of Teraterm's existing functionality. |
- More secure than regular FTP
connection.
- Permits a wide range of capabilities
once the connection has been
established.
|
- Cannot use this type of client
to connect to MSS (UniTree).
- No sftp or scp functionallity.
|
| PuTTY |
|
Putty is an SSH client which allows you to log into a remote
resources running SSH servers. Using SSH you can
upload/download files between your local machine and the remote
resource. |
- More secure than regular FTP
connection.
- Permits a wide range of capabilities
once the connection has been
established.
- Third-party GUI front ends can use this
client's sftp and scp functionality.
|
- Cannot use this type of client
to connect to MSS (UniTree).
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP
file transfers.
|
| copSSH |
|
copSSH is an ssh server and client implementation for
windows systems. It is a yet another packaging of portable
openssh, cygwin, some popular utilites, plus implementation
of some best practices regarding security.
|
- More secure than regular FTP
connection.
- Permits a wide range of capabilities
once the connection has been
established.
|
- Cannot use this type of client
to connect to MSS (UniTree).
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP
file transfers.
|
GSI-SSHTerm
(Java-based) |
|
A Grid Security Interface (GSI) enabled SSH terminal
application based on the SSHTools suite.
Users can use GSI-SSHTerm as an easy way of connecting
to the Grid(GSI-SSH) enabled resources. |
- More secure than regular FTP connection.
- Permits a wide range of capabilities
once the connection has been
established.
- GUI-based sftp & scp client
- Java based client works on any java
capable platform.
- Single Sign On functionality
A mechanism that allows users to type
a single password once and then allows
the user to connect to multiple remote
resources without having to type any
additional passwords.
|
- Cannot use this type of client
to connect to MSS (UniTree).
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP
file transfers.
|
MyProxy-logon
with
Globus ToolKit
|
|
Grid Client Software Suite/Packages(Linux/Unix only) that
allows users to interact remotley with Grid enabled machines. |
- More secure than regular FTP connection.
- Permits a wide range of capabilities
once the connection has been
established.
- Single Sign On functionality
A mechanism that allows users to type
a single password once and then allows
the user to connect to multiple remote
resources without having to type any
additional passwords.
- Customizable installations
(able to only install what you need).
|
- File transfers(ssh based: sftp
& scp) slower than ordinary FTP
file transfers.
- Number of prerequisites can be large
and the installation/configuration
can become complex.
- No support for Windows.
|
3.2 Archival Storage System
Access to NCSA's mass storage system, UniTree, is via a kerberized FTP
interface. SCP (SSH) access is not available. Access to UniTree from an
NCSA computing resource can be
performed using the NCSA's msscmd and mssftp commands.
The UniTree page has additional information.
Users can access UniTree directly from their local resouce using the a
Kerberized FTP client (or the grid enabled ftp client
UberFTP). Current Linux/Unix distributions
should have kerberized ftp clients available for installation. The Kerberized
FTP Software table below has additional information, including a windows
supported kerberized ftp client.
| Archival Storage System |
Hostnames |
UniTree
[Mass Storage System] |
mss.ncsa.uiuc.edu
mss.ncsa.teragrid.org |
Using FTP(Kerberized) to UniTree
| Client Type |
Usage |
| Linux/Unix FTP clients |
ftp mss.ncsa.uiuc.edu
or at the ftp prompt:
ftp> open mss.ncsa.uiuc.edu
|
| Windows FTP clients |
GUI-based apps that have some form of a dialog box
where the user can fill in the info needed to connect
to NCSA's UniTree.
|
