NHR@FAU HPC-Portal Usage

New digital workflow for HPC accounts

Link to HPC-Portal.

Jump to:

Since January 2021, NHR@FAU is one of now nine centers of the NHR Alliance. NHR@FAU is offering support especially in the area of performance engineering and single-node performance analysis. The application focus is on atomistic simulations, i.e. molecular dynamics, chemistry, and certain areas of material sciences.

With these changes, we are discontinuing our previous and oftentimes tedious HPC account application process which required new users to first apply for an IdM account and then fill out the HPC account application form. Users where then required to wait for their activation letters to arrive and set their HPC passwords, until they were finally able to start working on our clusters.

The new HPC-Portal replaces all of the aforementioned paperwork and introduces a sleek and straightforward digital workflow for managing HPC accounts and projects. As this process is now independent from HPC support, PIs and technical contacts can add and remove users from projects on their own and users are able to directly see the absolute path to their home directory and upload SSH keys for secure remote connection to our clusters.

If any questions remain after reading this documentation on our new HPC-portal, please contact us.

Contact us

Login options

Log in options are revealed after pressing the login button in the top right corner.

On the frontpage, the login field can be found in the top right corner. Next to it, the page language, either German or English, can be selected. Single sign-on (SSO) is always used for user logins and works with the authentication and authorization infrastructure from Deutsches Forschungsnetz (DFN-AAI) and the education global authentication infrastructure (eduGAIN).

Users can select their organization via a drop-down menu.

FAU-members should log in via the “Friedrich-Alexander-Universität (FAU)” button and enter their IdM-username and password. If you are not an FAU-member, please click “Another institution (DFN-AAI + eduGAIN)”, select your organization from the drop-down menu and follow your identity provider’s instructions.

In case a user sees an error page (“Your SSO-Login was successful, but one or more of the attributes required for correct account generation are missing.[…]”) after trying to log in, they should contact their local computer centre. There are certain attributes missing for correct identity transmission and only local IT support can activate them. Organizational support addresses can be found at DFN or eduGAIN.

The User tab

Inside the “User” tab, invitations to projects can be managed. In addition, account details are listed and SSH keys can be uploaded.

Next to the NHR@FAU logo in the top left corner, a click on “User” loads information on the account and invitations to projects. If a user logs into the HPC-Portal for the first time, the mailing list subscription column will show up on the right side. The information here can be quite limited, depending on whether an (NHR) project has already been approved and a project invitation has been sent to the user.

When a user receives an invitation to a project (ATTENTION: the invitation must have been sent to the email address as transmitted via SSO otherwise it cannot be matches), they can either accept or decline the invitation. The user can also see for which project the invitation has been sent. In case of acceptance, an HPC account is generated on the fly and will show up in the left column of the user tab. Please be aware, however, that it will usually take until the day after accepting the invitation until access to our clusters (via SSH or Slurm) is possible and all directories like $HOME, $WORK or $HPCVAULT are available. New users are encouraged to spend the waiting time getting familiar with our documentation. Of particular interest are probably the documentations on our GPU-cluster Alex, the one on our CPU-cluster Fritz, and where to store future data.

SSH public key upload options.

After opening the account information via the down arrow, details on the account like the path to the home directory or the state of the account are listed. Most importantly, each user should upload at least one SSH public key here. Accepted SSH key types are RSA with a length of at least 4096 bites, ECDSA with a length of 512, and ED25519.

SSH keys from the portal will be distributed automatically across HPC systems; this process, however, might take several hours (typically 2 hours), so please be patient.

Currently, the SSH keys from the portal are only distributed to Alex, Fritz, Woody, and the dialog server cshpc. But these systems do not yet ignore the authorized_keys file in the user’s home directory and only accept the keys from the portal!

In case a user is unfamiliar with generating SSH keys, please visit our documentation on “SSH – Secure Shell access to HPC systems“. This page offers in-depth information on how to connect and copy data to a remote host, how to use SSH agents, and how to generate a secure SSH key. Please make sure to enter a passphrase when prompted during the process in order to encrypt your private key.

Several SSH keys can be uploaded per account and management is possible under “Show advanced options”. Here, a user can assign aliases to SSH keys, edit options like agent forwarding or having access via a graphical interface.

Profile information

Example of a user’s profile page in the HPC portal. Newsletter subscriptions can be managed here.

The user’s profile can be found by clicking on the arrow next to the user’s email address in the top right corner. The profile page shows the user’s personal data that is normally sourced from the user’s SSO Identity Provider (IdP) and cannot be changed in the portal. The transferred data comprise the user’s principal name at the home organization (username), the user’s given name and surname, the user’s affiliation at the home organization, and the user’s email address. The middle panel gives information about the role that has been assigned to the user; this role defines whether a user can see the management tab or not.

On the right side of the profile page, the user can manage NHR newsletter subscriptions. Information on Export-Control Regulations and Terms of Use can be found at the bottom of the page. The user can read this information by clicking on the “Withdraw consent” button; accepting the regulations or terms at the bottom of the pop-up will bring the user back to their profile.

The Management tab (visible only for PIs and technical contacts)

The “Management” tab is only visible for principal investigators or technical contacts.

Next to the NHR@FAU logo in the top left corner, a click on “Management” offers principal investigators and technical contacts to manage their projects. After opening the project via the down arrow, project details can be seen in the left column. In the column on the right, all accounts connected to the corresponding project are listed. The middle column is dedicated to sending out invitations to projects. With this feature, the PI or contact person can trigger the creation of HPC accounts for himself/herself and co-workers using an invitation mechanism. (See above in the “User tab” section on accepting invitations!)

New invitation pop-up.

For sending out invitations, the PI or contact person has to enter the recipient’s email address (as transmitted by the IdP) and can add a personalized message. The user will receive an email with the following subject: New invitation for “[project name]” waiting at portal.hpc.fau.de” and message content: “Dear HPC-Portal User, [name of PI/technical contact] sent you an invitation for “[project name]” at “https://portal.hpc.fau.de/”. Please follow the link and log in via SSO using your IdM credentials to accept the invitation (‘User’ -> ‘Your Invitations’). After that, please upload a ssh public key (‘ssh-rsa’) to the corresponding account of “[project name]” (‘User’ -> ‘Your Accounts’). In case of problems, please send an e-mail with a clear description of the issue to “hpc-support@fau.de”. Invitation Message: [personalized message] Regards, HPC-Support This e-mail was generated automatically [day, date, time]”.

Several users can be added in a single step which should be more convenient for PIs or technical contacts responsible for lectures and block courses. To do this, the “Invite multiple e-mail addresses” switch must be activated. E-mail addresses can either be typed separately or a comma-separated list of mail addresses can be copied into the field; to confirm the list of addresses, the “enter” button must be pressed. Invalid and duplicate mail addresses will be filtered out.

User account editing is limited to account state and time of validity.

After the corresponding user accepts their invitation, PIs and contact persons can edit certain details of the user’s account. The editing button will become visible in the right column on the management page after opening the account via the down arrow. Editing options are limited to the state of the account—either pending, approved, deleted, active or inactive—and the time period in which the account should be valid. This allows PIs and contacts persons to link account lifetimes to contract of employment runtime, pre-plan switches in project affiliation, and cover medium-term user absence.

Overall, the management tab enables PIs and contact persons to independently add new users when new scientists join the project.