HPC Account Application at University of Cologne (Ramses system)

University of Cologne = Universität zu Köln = UzK in the following.

Some of the described steps will trigger email responses to your UzK (@uni-koeln.de) email account, to be set up as described under 1) below. For those steps requiring some go-ahead response, make sure to check the UzK account. Your guest account can be accessed through:

• https://webmail.uni-koeln.de/login.php

• https://sogo.uni-koeln.de

If your email is mylogin@uni-koeln.de, your login will be mylogin. Account configuration can be done here: https://kim.uni-koeln.de/unikim_en.html

The KIM dashboard also has an option for setting up a forwarding email address.

1) Application for UzK guest account

(only for those without existing guest/student/employee account at UzK)

First thing is to apply for a UzK guest account. In case you already have such an account, skip to Step 2.

Please fill out this account application form.

On the application form:

• Section 1: fill in your personal and institutional information

• Section 2: check box “1 year”

• Section 3: check box “Research Project”

• Section 3, “Description of the project or task”: copy-paste the following text:

  The IT Center University of Cologne (ITCC) hosts the CCAT Observatory Cologne Data Center. CCAT operates within the DFG-sponsored and multi-institutional research project CRC 1601 (Collaborative Research Center). Data processing and analysis within CCAT will require the development of efficient and scalable computational workflows as well as adequate HPC infrastructure which is given by the compute cluster Ramses.

• Section 4: date + signature

• Section 5, “Endorsement of an Authorized Executive at the University of Cologne”: leave blank

Your group coordinator may collect all applications. Otherwise, send the form to commer@uni-koeln.de When you receive a response:

To activate your account you need your PKZ (Personenkennziffer = Staff ID) and your initial password which will be provided. You can activate your account by accessing the uniKIM web form on https://kim.uni-koeln.de/unikim_en.html

After activation of the account, you should have a username based on your name. It takes up to two hours until you can log on to the email server (also to webmail).

2) HPC access application

Now, fill out this HPC-Access application form.

On the application form:

• Section 1: personal and institutional information

• Section 2: nothing to do

• Section 3: check box “Research Project, supported by: DFG”

  Title of Project:

  CRC1601-CCAT data processing and analysis, within SFB1601 "Habitats of Massive Stars Across Cosmic Time"
  

  check box “HPC-Authorization”

• Section 4: date + signature

• Section 5: nothing to do

Date+sign and print/scan the two forms and send them to: hpc-accounts@uni-koeln.de

3) Multi-factor-authentication (MFA)

MFA is mandatory for Ramses login. MFA setup can be started as soon as you have the UzK guest account (Step 1).

3.1) Enroll into UzK MFA

Currently, the procedure for external (outside of campus) applicants is as follows:

Please send (a scan of) a handwritten note where you write the following, if you’re up for the German challenge:

Hiermit erbitte ich, die Sendung einer Enrollment  Mail um MFA für mein UzK Gastkonto zu aktivieren.

Or, in English:

I hereby request the receipt of the Enrollment Mail to activate MFA for my UzK guest account.

Date-sign the above and also attach a copy of a photo ID. Then, send these scans to: itcc-helpdesk@uni-koeln.de

Make sure to send this through your UzK (uni-koeln.de) account. After 2-3 business days, check for a Duo Enrollment Mail in your UzK account.

3.2) Installation of MFA authentication app - Duo Mobile

Cisco Duo is the recommended authentication option and is available through the Duo Mobile app (for Android, iOS, iPadOS and watchOS). Be sure to install the app published by Duo Security LLC. Most people use the app on their smartphone or tablet to confirm their identity when logging in to Ramses. More details here:

https://rrzk.uni-koeln.de/en/services/accounts-communication/multifactor-authentication-cisco-duo

Probably less essential, but more app-specific info can be found under guide.duo.com, for example for android: https://guide.duo.com/android

3.3) Initial registration

After installing the Duo Mobile app on your device, follow these steps for initial registration: https://rrzk.uni-koeln.de/en/services/accounts-communication/multifactor-authentication-cisco-duo/initial-registration-in-cisco-duo

4) Installation of VPN-access tool - Cisco Secure Client

Access to Ramses requires a VPN connection. VPN is realized through the Cisco Secure Client app, to be installed on the desktop/device from which you will login to Ramses. Installation and configuration details are here: https://rrzk.uni-koeln.de/en/services/internet-access-web/network-access/vpn

Note that the VPN gateway is vpngate.uni-koeln.de

In case one of these errors occurs upon a VPN connection attempt: Potential CSRF Attack Detected occurs in the browser after registration in Shibboleth, or, Internal Error (or Interner Fehler) occurs in the Cisco Secure Client:

Then, please delete the cookies and the browser cache of your web browser, close it, and reconnect to the VPN network.

Additional info specific to users from Cornell Uni, courtesy of Steve Lantz:

Cisco Secure Client is also used at Cornell. The client distributed by Cornell seems to work for UzK as well. In both cases, the VPN connection is made with the AnyConnect VPN component, which seems lighter-weight than the full functionality that is possible with the Cisco Secure Client: https://blogs.cisco.com/security/more-than-a-vpn-announcing-cisco-secure-client-formerly-anyconnect

5) SSH setup on Ramses

Proceed with this step after receiving an OK response from Step 2) HPC access application. Follow these steps for ssh-authentication (see Section 2.2 of this URL): https://gitlab.git.nrw/uzk-itcc-hpc/itcc-hpc-ramses/-/wikis/Documentation#22-ssh-access-keys-and-things

As instructed there, the ssh-key needs to be emailed to hpc-mgr@uni-koeln.de

You can say something like I am one of the external CCAT-project users, as authorized by M.Commer

Eventually, you will receive a reply similar to this: Thank you for sending us your public key. We have stored the information on Ramses. You will receive an automatic message as soon as your Ramses account has been activated. After account activation, you can login to Ramses.

6) Login to Ramses

Congrats for making it all the way to here. Before connection to Ramses via ssh, first connect to the UzK VPN. Open the Cisco Secure Client from where you will ssh to Ramses. In the tab “AnyConnectVPN” select vpngate.uni-koeln.de for “Connect to”.

Section 2.3 Login nodes of the above (under 5) gitlab document tells you how to login to Ramses.

Ramses has currently two login servers available:

ramses1.itcc.uni-koeln.de
ramses4.itcc.uni-koeln.de

Got stuck somewhere?

Feel free to ask: commer@uni-koeln.de