General Information

Top of Page

How to Login

Please note, New York Blue/L has been decommissioned and these web pages have not yet been updated to reflect its removal from service. The New York Blue/P is now one rack and remains in service. The BNL Blue Gene/Q also remains in service.

Introduction

The only way to access Blue Gene computing resources remotely (outside the Blue Gene network enclave) is through the Blue Gene ssh gateways. Even users connecting from inside the BNL campus network need to go through the gateways.

Outside the BNL campus the gateways are known as: ssh.bluegene.bnl.gov
Inside the BNL campus they are known as: ssh.bluegene.bnl.local

Notes:

  • Both of the above host names (ending in .gov and .local) refer to the SAME load-balanced gateway servers. The users will access the same gateways whether they are logging in from inside or outside the BNL campus network.
  • All gateways are administered by the ITD Unix group. Blue Gene users having any questions or problems with the gateways should contact the ITD Helpdesk via email itdhelp@bnl.gov or call (631) 344-5522.

Top of Page

Accessing the Blue Gene SSH Gateways

Note: CryptoCard token access has been terminated. All Blue Gene users must now use RSA SecureID. Please call the Account Management Office at 631-344-4444 for assistance.

A "two factor authentication" method must be used to access any of the BNL ssh gateways. In order to access the Blue Gene ssh gateways remotely, users must have:

  1. RSA SecureID Account
  2. An account on the Blue Gene ssh gateways

Instructions on how to obtain a SecureID account and a Blue Gene ssh gateway account are listed in Requesting an Account .

Having both the above accounts set up, users should then ssh to the Blue Gene gateways. When prompted:

  1. Enter your SecureID username.
  2. Enter your PIN number followed immediately by the SecureID tokencode that was generated by the SecureID token -- do not embed any hyphens or blanks. The tokencode should be 6 digits.

You must use a different tokencode for each attempt you make to ssh into the Blue Gene gateways. Please note, a new tokencode appears in the RSA SecureID token display every 60 seconds. If you fail to login with an incorrect tokencode, wait for the tokencode to change. Then enter the new tokencode.

Notes:

  • For instructions on how to use RSA SecureID tokens, please refer to the online RSA SecureID User Guide.
  • The RSA SecureID token has is a "count down timer" on the left side of the token display: 5 bars appear there when a new tokencode has just been displayed, then 4 bars, 3, 2, 1, and then 5 bars and a new tokencode are displayed.
  • A tokencode is the six digits displayed by the RSA SecureID token. A passcode consists of your PIN number followed immediately by the SecureID tokencode.
  • If you keep failing to login you should contact the ITD Helpdesk via email itdhelp@bnl.gov or call (631) 344-5522.

The most common reasons for repeated login failures are:

  1. The SecureID account has been locked due to repeated login failures.
  2. The Blue Gene user account was not created and thus the user does not have an account on the ssh gateway.
  3. The SecureID username and the ssh gateway username do not match.

Top of Page

Accessing the Blue Gene Front-End Nodes

There are two Front-End nodes (FEN): one for the 18-rack Blue Gene/L machine known as fen.bluegene.bnl.gov and one for the 2-rack Blue Gene/P machine known as fenp.bluegene.bnl.gov. Both nodes can be accessed from the Blue Gene ssh gateways.

For the 1-rack Blue Gene/Q, there is a front end node, fenq.qcdoc.bnl.gov, which is also accessed from the Blue Gene ssh gateway.

A "two factor authentication" is required to access the BG/L and BG/P and BG/Q Front-End nodes from the gateway. Users' should generate an ssh key pair on the Blue Gene ssh gateways (using ssh-keygen -t dsa) and email the generated public key to the admins (drs@bnl.gov).

Notes:

  • Some instructions on how to generate ssh keys can be found in the BNL Cyber Security SSH web pages.
  • You must use a passphrase when generating the keys.
  • Please send your public key as an attachment to your email rather than simply including it in the body of the mail message.
  • You cannot send email from the Blue Gene ssh gateways. To email your public ssh key you will have to copy it to another machine.

Users who have trouble emailing their public ssh key can upload it to the Blue Gene ftp site ftp.bluegene.bnl.gov. The site is accessible from the ssh gateways. For more information, please contact the Admins.

The users will receive an email notification from the Blue Gene admins when the user's public key is deployed. The users should then be able to access the Front-End nodes (for BG/L and BG/P and BG/Q) from the Blue Gene ssh gateways:

  • ssh fen.bluegene.bnl.gov for the BG/L machine
  • ssh fenp.bluegene.bnl.gov for the BG/P machine
  • ssh fenq.qcdoc.bnl.gov for the BG/Q machine

The default location of the generated ssh keys is in the user's .ssh directory. The default private key filename is .ssh/id_dsa while the default public key filename is .ssh/id_dsa.pub.

However, if you did specify a filename when the keys were generated (when running ssh-keygen) you should provide the location of the private key using the ssh -i option when trying to ssh to the front-end node.

  • ssh -i my_private_key fen.bluegene.bnl.gov

Top of Page

Accessing the Visualization Cluster

Once the user's public key is deployed on the Front-End nodes (FEN), the user should be able to access the visualization cluster from the Blue Gene ssh gateways:

  • ssh vis1.bluegene.bnl.gov

The user home directories are the same on the FENs and the visualization cluster.

Top of Page

Accessing the CSC GPU Cluster

  1. Access the Blue Gene SSH gateway
  2. Once on the Blue Gene SSH Gateway, login to gpu2.csc.bnl.gov as follows:
    ssh gpu2.csc.bnl.gov