Holschuh, Nicholas D. Connecting to Moon (MGHPCC)

The Holschuh Lab has access to an Intel Xeon server [48 cores, 2.4 GHz each, 384 Gb of memory] that is hosted by the Masachussets Green High Performance computing center. The computers official name is `holschuhlab-01`, but we affectionately refer to it as `Moon`.

This machine is typically used one of two ways:

• By connecting to its JupyterHub -- a python / R / Ruby IDE that allows you to manipulate files, as well as develop and run code through your local web browser. 
• By launching and connecting to a VNC (virtual network computing) server. This will provide you with a virtual desktop, where you can run any of the installed software (including QGIS and Matlab) or interact with the machine as if you had a monitor connected locally.

This system is restricted such that remote access to the machine is only allowed from IP addresses within the Amherst College network. Connecting to Moon from within the network is straightforward -- connecting from outside the network requires one additional (fairly technical) networking step.  Below are instructions for connection to Moon both inside and outside the Amherst network.

Access from Within the Amherst Network or VPN

JupyterHub: The JupyterHub server running on Moon sends and receives data through a port on the remote computer numbered 8000, and thus, the JupyterHub is accessible (using any web browser) at the following address:  https://holschuhlab-01.mghpcc.amherst.edu:8000 . Most websites you access on the broader internet have a security certificate that browsers use to authenticate the source of the site -- the JupyterHub has no such certificate, so when connecting to the JupyterHub, browsers will typically bring up a page saying "this site is insecure". If using Google Chrome on Windows, you should get the screen shown on the left, below. Showing the advanced options and clicking "proceed to holschuhlab..." should bring you to the JupyterHub Interface. Chrome on Mac does not appear to let you bypass this alert, so I suggest you instead use Safari. This should bring up the alert on the right, below. Clicking "visit this website" should bring up a keychain authentication prompt, and then take you to the JupyterHub interface. If you are struggling to get through this step, try connecting by a different browser.

Image

Image

There are typically links on the warming page that allow you to "connect anyway" -- clicking that link will launch the JupyterHub interface (shown below).  Once connected, you're ready to start coding in Python, R, or Ruby!

Image

Fig 1. -- JupyterHub Interface

Connecting to the browser-based virtual desktop:

The browser based virtual desktop can be accessed at the following link:  http://holschuhlab-01.mghpcc.amherst.edu:8080/guacamole/ . This will require you to first enter a "Guacamole" password (issued to your class), and then enter your individual username and password.

VNC: Launching a virtual desktop on Moon (to run Matlab, QGIS, or other software outside of the JupyterHub) requires first connecting to moon via ssh and launching your own VNC server. Connecting to Moon by ssh can be done from any terminal, using the following command:

ssh user@holschuhlab-01.mghpcc.amherst.edu

Now, your terminal instance is running locally on Moon. To launch a VNC server, you simply run the following command from your ssh terminal: 

vncserver

The first time you run this command, you will be asked to enter a password. This password can be anything, and will be requested every time you connect to your VNC server. When successfuly run, you will get the following message:

vnc 'X' desktop is holschuhlab-01:3

Your VNC server will communicate over port 590X on Moon, where X is the number provided in the above dialogue after holschuhlab-01 -- in the above example, it would be 5903. To connect to your virtual desktop from a PC, you can use a VNC Viewer and connect to the address holschuhlab-01.mghpcc.amherst.edu:590X. From a Mac, you can select "Connect to Server" from the "Go" menu, and supply the address  vnc://holschuhlab-01.mghpcc.amherst.edu:590X. When successfully connected, you should end up with the following virtual desktop:

Image

Fig 2 -- Example of the Virtual Deskop

Access from Outside the Amherst Network -- VPN

You should be able to connect to Moon from outside the Amherst network as if you are within the Amherst network (described above) when connected to the Amherst VPN. The installation instructions for the Amherst College VPN can be found here.

Access from Outside the Amherst Network -- SSH Tunnel

If the VPN is down, you can also connect to Moon via an SSH tunnel through one of the computers within the Amherst network that is open to the internet. Connecting to Moon from outside the Amherst network is conceptually the same as connecting from inside the network -- you want to get to a point where you are communicating with port 8000 and port 590X on Moon. But, when coming from outside the network, you cannot see the ports on Moon directly, you need to first connect to an internet-facing computer within the Amherst network. You can do this using a "secure shell" (SSH) connection to one of the Linux servers on campus, romulus.amherst.edu or remus.amherst.edu. Because Romulus and Remus can see Moon, they allow you to do something called "port forwarding", or "ssh tunneling" -- connecting the ports from a remote machine (in this case, Moon) to ports on your computer. That way, when you tell your browser to communicate with your local ports, they really send and receive messages from the linked ports on Moon. The figure below captures the network conceptually.

Image

Fig. 3 -- Network security configuration for the Holschuh Lab remote server, "Moon". Moon is accessible from any computer within the Amherst network, and is serving a JupyterHub on port 8000. To connect to Moon from outside the Amherst network, we leverage a technology called "SSH Tunneling", which involves first connecting to an accessible computer from within the Amherst network (e.g., Romulus@amherst.edu or Remus@amherst.edu), and using that computer's access to the MGHPCC to link up communication ports between Moon and your personal computer. The details of that process are described below. 

The syntax for SSH tunneling comes in two parts -- I'm going to separate them here for clarity, and give the command you need to run at the end. The primary command is simply the ssh connection to Romulus or Remus, which can be run from a mac terminal or a Windows Subsystem for Linux Ubuntu terminal. A basic SSH command looks like the following:

ssh user@romulus.amherst.edu

The above command would simply connect you to your target server, but the ssh command allows you to supply additional arguments inbetween the ssh call (at the beginning) and your target server (at the end). One of those arguments lets you link ports between machines, using a flag (-L) to indicate you want to link ports, followed by information about the ports you want to link (remote_port:remote_server_address:local_port). So the final command you want to run will link your local port 8000 with Moon's port 8000, and your local port 590X with Moon's port 590X (remember, the X should be replaced with the port corresponding to your VNC server):

ssh -L 590X:holschuhlab-01.mghpcc.amherst.edu:590X -L 8000:holschuhlab-01.mghpcc.amherst.edu:8000 user@romulus.amherst.edu

Then, as above, you can connect to the JupyterHub from your local browser, or a virtual desktop using a VNC Viewer, pointing to your local ports instead of those on holschuhlab-01.mghpcc.amherst.edu:

• JupyterHub: launch a browser and go to the address https://localhost:8000
• Remote Desktop: launch a VNC viewer and connect to localhost:590X