🖥 Computers @NeuroPoly#
GE#
A GE network account is required to have access to internal computational resources.
You will receive a GE account during your onboarding.
Password#
Important
Once in a while, you are requested to change your password. To do so, log onto another machine (eg bireli
, joplin
) and use the command passwd
to change your password.
Groups#
The list of permissions for shared folders on duke
are available here.
Connect to Windows Servers#
Use Microsoft Remote Desktop Connection on creer51, creer52, creer53.
Computer : creer51.grames.polymtl.ca
Username: grames\your_polygrames_username
Password: your_polygrames_password
List of Computers at NeuroPoly#
Are you new to NeuroPoly and looking for a desk and a station? Please check the list of Desktop/Server/Clusters computers and Printers so you can pick one that is free. If you’d like a particular desk and someone else is using a station remotely, please ask the admins to move the station to another location.
If you prefer to work on your laptop, please let the admins know in your onboarding ticket and they will find you an available screen you can connect to your laptop.
VPN#
When working remotely from off-campus you need to use the VPN.
To connect to the VPN, you need to have an account with École Polytechnique, specifically with CAS. Students should already have this. Consultants and Research Associates will need to have an account created for them. This should have happened during your onboarding.
You can change your CAS password at Gestion des Codes.
The VPN uses the Cisco AnyConnect
protocol, and to use it, you must first install a compatible VPN client.
Important
Depending on your status at Polytechnique, you will be assigned to a different VPN group. Your assigned group will determine how authentication will work for you, as well as which VPN clients will be compatible with your needs.
Instructions for different user scenarios are provided below.
Note
The VPN will not work if you are already accessing wifi on campus via eduroam
, it is typically intended for off-campus use only.
Background on VPN changes#
In September 2024, Polytechnique reconfigured their VPN management strategy.
Previously, VPN authentication worked similarly for all Neuropoly members. Linux
and macOS
users wishing to avoid installing proprietary Cisco AnyConnect
software could follow the instruction provided for students (below).
Because of the changes implemented by Polytechnique, these instructions no longer work for non-students.
If you are not a student, please follow the instructions provided for your specific use case.
Students#
Students should be approved for VPN access by default. They are assigned to the PolySSL
group.
For Linux
and macOS
users, openconnect
is the recommended VPN client.
Windows
users should typically follow the official Polytechnique instructions. Advanced users concerned about the monitoring capabilities of the Cisco AnyConnect
client might consider adapting the instructions for a VM-based workaround documented under Polytechnique Staff
to their needs.
brew install openconnect
Open your Keychain program and click ‘+’ to add a new item:
Name:
poly-vpn
Account: your
YOUR_CAS_USERNAME
Password: enter your password here.
Note: the new item has to be added as an application password
to your login
Keychain (i.e., not to your iCloud
Keychain).
Then, create the following script:
#!/bin/bash
# vpn.sh
set -eo pipefail
USER="<YOUR_CAS_USERNAME>"
PASS="$(security find-generic-password -a "${USER}" -s poly-vpn -w)"
GROUP=PolySSL # or PolyInvites, depending on your account's status
echo -n "$PASS" | sudo openconnect -u "$USER" --authgroup "$GROUP" --passwd-on-stdin --reconnect-timeout 20 ssl.vpn.polymtl.ca
To connect to the VPN, you need to run:
./vpn.sh
apt install openconnect
Then, create the following script:
#!/bin/bash
# vpn.sh
set -eo pipefail
USER="<YOUR_CAS_USERNAME>"
PASS="<YOUR_CAS_PASSWORD>"
GROUP=PolySSL # or PolyInvites, depending on your account's status
echo -n "$PASS" | sudo openconnect -u "$USER" --authgroup "$GROUP" --passwd-on-stdin --reconnect-timeout 20 ssl.vpn.polymtl.ca
To connect to the VPN, you need to run:
./vpn.sh
Depending on your Linux set up, you may also be able to create a graphical interface for your VPN. The following instructions were tested on a system using NetworkManager
and the GNOME
desktop environment:
Install the NetworkManager openconnect plugin. For example, with:
apt install network-manager-openconnect-gnome
Under
Settings
go toNetwork
.Under
VPN
select+
toAdd VPN
.Select
Multi-protocol VPN client (openconnect)
.Under
Gateway
putssl.vpn.polymtl.ca
.Click
Apply
.Activate the VPN.
Under
GROUP:
selectPolySSL
.Under
Username:
put your CAS username.Under
Password:
put your CAS password.Click
Connect
.
Please follow the official steps from PolyMTL (French or English).
In case the above links ever break, the steps are:
Install “Cisco AnyConnect Secure Mobility Client”.
NB: This software is licensed to organizations, so the download page will typically be behind some sort of authentication. Right now, you have to download it from the “Utilisation du Service” section of this page, which requries you to sign in with your CAS account.
Run the newly-installed Cisco AnyConnect Secure Mobility Client program.
Configure the VPN:
Enter the server address: ssl.vpn.polymtl.ca
In the “Group” drop-down list, choose the profile: PolySSL
Identify yourself with the username and password of your CAS account (e.g. p123123)
Click “Accept”. You’re connected! :)
Polytechnique Staff#
Polytechnique staff (including Professors, Research Associates, and Postdoctoral Researchers) are assigned to the PolyQuartz
group.
The PolyQuartz
group relies on an authentication flow that makes use of your Okta
account. The authentication flow is not natively supported by the openconnect
client.
Users wishing to avoid installing the officially provisioned Cisco AnyConnect
client can consider several known workarounds.
Linux
and macOS
users can use a workaround involving the openconnect
client and manual cookie extraction.
All users can implement a workaround involving running the Cisco AnyConnect
client inside a Virtual Machine.
Instructions for each of these options are as follows:
This workaround allows you to complete the Okta
-based authentication flow while using the openconnect
client.
It should be effective for Linux
and macOS
users.
Ensure that the
openconnect
client is installed on your computer.Visit https://ssl.vpn.polymtl.ca in a browser
Select
PolyQuartz
and pressLogon
Logon with your
Okta
credentialsOn the
Cisco Secure Client Download
page, open your browser’sDevTools
.Find the
webvpn
cookie and copy its value.Pass this value to the following command on stdin (either by typing it, or piping to it):
sudo openconnect --protocol=anyconnect --authgroup=PolyQuartz --cookie-on-stdin https://ssl.vpn.polymtl.ca/
Note
A script to automate this process can be found here.
This workaround allows you to isolate the Cisco AnyConnect
client in a virtual machine. Additionally it allows you to determine which traffic you send through the VPN.
It should be effective for Linux
, macOS
and Windows
users.
It is recommended for advanced users.
Create an
Ubuntu
virtual machine using your preferred Virtual Machine Manager (these instructions were tested with QEMU-KVM, but other VMMs should work fine as well).Under network settings, your VM should be set to use
NAT
.Inside your new VM, follow the official Polytechnique instructions to install the
Cisco AnyConnect
client.Set up your VM as an
SSH server
.
sudo apt install openssh-server
sudo systemctl enable ssh
sudo systemctl start ssh
Get the ip address of your VM (
ip a
) and write it down.On the host, generate an SSH key pair, (or select an existing key pair to use) then transfer the public key to your VM using
ssh-copy-id
. You can modify the following commands with the correct info to do this:
ssh-keygen -t ed25519 -C "<VM_USER>@<VM_NAME>" -f ~/.ssh/<VM_USER>_ed25519
ssh-copy-id -i ~/.ssh/<VM_USER>_ed25519.pub -o PreferredAuthentications=password <VM_USER>@<VM_IP>
Test that you can successfully SSH into the VM.
In your SSH config file (
~/.ssh/config
) configure your VM as a proxy jump for traffic directed to NeuroPoly servers. You can modify the following config for your purposes:
# Needed for proxy jump with AnyConnect vm
# Replace the HostName with your VM's IP
# Replace the User with the username on your VM
# Replace the IdentityFile with the correct path to the relevant SSH key
Host jumpvm
HostName <VM_IP>
User <VM_USER>
IdentityFile ~/.ssh/<VM_USER>_ed25519
# This allows you to proxy ssh traffic to NeuroPoly servers
Host *.neuro.polymtl.ca 132.207.*
ProxyJump jumpvm
# Needed to use git with data
# Replace the IdentityFile with the correct path to the SSH key you use on data
Host data.neuro.polymtl.ca
User git
IdentityFile ~/.ssh/<KEY_FILE>
Note
If you sometimes work on campus, this config will interfere with your onsite access if not disabled. If you want to make it easier to manage alternate ssh config settings, you can create a different config file that includes these settings, and then point to it with the ssh -F
option.
Once you have finished with configuration, you can test your set up. For it to work, you will need to first start your VM and enable the VPN connection using the Cisco AnyConnect
client inside your VM.
You will then be able to proxy NeuroPoly-destined ssh traffic from your main host through your VM, which will make it easier to connect to NeuroPoly resources without significantly altering your workflow. You can test making an ssh connection to a NeuroPoly server to confirm that this works.
Note
You can use port forwarding to form other kinds of connections through your VM. (e.g. for RDP
connections, to access duke
or to access data
in your browser). Examples follow.
To connect to a station using RDP
ssh -NL 3389:localhost:3389 <GE_USERNAME@<STATION>.neuro.polymtl.ca
Then in your RDP
client put localhost:3389
for the server.
To connect to duke
ssh -NL 1445:duke.neuro.polymtl.ca:445 <VM_USER>@jumpvm
Then follow standard instructions for duke
but replace duke.neuro.polymtl.ca
with localhost:1445
(e.g. smb://localhost:1445/<FOLDER>
).
To access data
in your browser
ssh -NL 3000:localhost:3000 <GE_USERNAME>@data.neuro.polymtl.ca
Then in your browser go to: http://localhost:3000
The official Polytechnique instructions for configuring the Cisco AnyConnect
client can be found here.
Other Members#
If you are an Intern, a Consultant, or are otherwise considered an “Invité” by Polytechnique, this section applies to you. Users in your category are not granted VPN access by default. A specific request must be submitted to DGE IT to give you VPN access. (Normally, someone on the admin team should help you with this during your onboarding).
Once you are approved for VPN access, DGE IT will provide personalized instructions for your specific use case. Most likely, you will be be added to the PolyPhoton
group. Like PolyQuartz
, this group uses Okta
for authentication.
Note
If you do not wish to use the official Cisco AnyConnect
client, you may be able to adapt the instructions under the Polytechnique Staff
section for your purposes. However, please note that the workarounds described for PolyQuartz
users have not been adequately tested for PolyPhoton
users.
Warning
DGE IT’s protocols for integration of VPN users with an “Invité” status are currently under development, so at the moment we cannot provide much assurance that alternative VPN configurations will work for these users. The most reliable option is to follow the official instructions provided by DGE IT and Polytechnique.
Connect to NeuroPoly Computers#
Locally#
To log into a desktop station while at NeuroPoly, use your GE account.
SSH (command line)#
Note
If working off-campus, start your VPN first.
Note
If working on-campus using eduroam
wifi, make sure you are connected to eduroam
using your Poly credentials. The ssh
command below will probably not work if you are using eduroam
credentials from another university. Alternatively, you can use the cable connection.
Connect via ssh using the STATION
you want:
ssh <GE_USERNAME>@<STATION>.neuro.polymtl.ca
Note
Use the password you received by email. Not the password you received on printed paper. To change the password, see the section Password
above.
Note
To get ssh on Windows, you can install Microsoft’s ssh package, WSL, PuTTY, or cmder, or Git-Bash.
Optionally, install this shortcut which allows you to just type ssh <STATION>
:
cat >~/.ssh/config_neuropoly <<EOF
Match Host abbey,betty,bireli,coltrane,davis,django,ella,ferguson,jarrett,joplin,kirk,marsalis,mingus,parker,romane,rosenberg,tatum
HostName %h.neuro.polymtl.ca
Match host *.neuro.polymtl.ca
User <GE USERNAME> # fill in your username and remove this comment
# passwords are required to access /mnt/duke: https://github.com/neuropoly/computers/issues/90:
PreferredAuthentications password
EOF
echo 'Include ~/.ssh/config_neuropoly' >> ~/.ssh/config
Optionally, add this shortcut which makes simultaneous ssh connections possible without retyping your password:
cat >>~/.ssh/config <<EOF
Host *
ControlMaster auto
ControlPath ~/.ssh/%r@%h:%p
SFTP (Mount a remote station)#
ssh
also allows accessing remote files, via sftp
.
The best way to do this is sshfs
, which makes them appear as if they were a drive on your computer:
Install sshfs, if not yet installed:
Then mount the folder
mkdir cluster_folder
sshfs <USERNAME>@<STATION>: cluster_folder
If you use ~
or nothing (as shown) after the :
, the connection will be relative to to your remote home directory, e.g.
sshfs <USERNAME>@<STATION>:~/project1/ cluster_folder
will attach the remote /home/ge.polymtl.ca/$USER/project1/
to the local ./cluster_folder
, and
sshfs <USERNAME>@<STATION>:project1/ cluster_folder
will do the exact same.
However if you use /
after the :
, the mount will be relative to the remote root directory, e.g.
sshfs <USERNAME>@<STATION>:/tmp/ cluster_folder
will attach the remote /tmp/
to the local ./cluster_folder
Note
If you are experiencing mounting issues on macOs, this might help.
VNC (graphical interface)#
Open Finder
Click Cmd+K
In the “Server Address”, type (using the
STATION
you want):vnc://STATION.neuro.polymtl.ca
You can use your local/network account information or the shared account credentials
Establish a VNC connection using vinaigre.
In the “Server Address”, type (using the
STATION
you want):vnc://STATION.neuro.polymtl.ca
You can use the password from shared account credentials
Linux stations#
On Linux targets, a VNC server needs to be started manually before the above instructions will work.
Create configuration file under
~/.vnc/xstartup
with the following contents:
#!/bin/sh
# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
startxfce4 &
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
Give the right permissions to the file
~/.vnc/xstartup
chmod +x ~/.vnc/xstartup
Start VNC server
vncserver -geometry 1600x1200 :<PORT_NUMBER>
Note: To list all running vncservers, use: ps -ef | grep vnc`
After starting the vncserver, connect to it as above.
Note
Note:
On the first start of the vncserver, you will have to set a personal password for your vnc session
The resolution can be defined by changing the value of the
-geometry
flag.
Stop VNC server - mandatory at the end of your session
vncserver -kill :<PORT_NUMBER>
Language#
The default interface on our systems is français. To use another language, set your LANG
environment variable:
echo 'export LANG=en_CA.UTF-8' >> ~/.profile
Logout and back in again and apps should now be in English (or the other language code you chose).
CPU/GPU Clusters#
The following CPU and GPU clusters are available for internal use at NeuroPoly.
Warning
Please indicate in NeuroPoly’s “Computer resource” calendar if you plan to launch intensive calculations on a computer. These are shared resources, so it helps to know which computer is being used and by who, in order to prioritize tasks and make the best of our resources. Your calendar entry could span several days, and should specify your name and the ID or number of GPU/CPU used. Example: julien@rosenberg:gpu[4,5]
, or naga@joplin:cpu[n=20]
If you don’t have writing permission on this calendar please post a request on the ticket tracker.
Note
If you wish to monitor the CPU/GPU/RAM/disk and other aspects of the server you are using, you can use our monitoring system. You need to be inside the VLAN to see the monitoring system.
rosenberg#
Spec |
Description |
---|---|
CPU |
2x Intel E5-2630 |
GPU |
8x P100 |
RAM |
16x 32GB DDR4 |
Hostname |
|
By default, the root (OS and home folder) mount point is on the NVME disk
Shared scratch located under /scratch. Please clean the unnecessary data after you finish the processing.
For system administrators: Please log all the changes on the station by updating the ansible scripts from neuropoly/computers.
romane#
Spec |
Description |
---|---|
CPU |
AMD EPYC 7452 32-Core |
GPU |
4x RTX A6000 48GB |
RAM |
16x 32GB DDR4 |
Hostname |
|
By default, the root (OS and home folder) mount point is on the NVME disk. You can train your model on your /home
For system administrators: Please log all the changes on the station by updating the ansible scripts from neuropoly/computers.
bireli#
Spec |
Description |
---|---|
CPU |
i7-5930K 3.5GHz 6 Cores |
GPU |
2x GTX Titan X 12GB |
RAM |
1x 64GB DDR4 |
Hostname |
|
Add event to the computer calendar
Use your GE account to connect on the machine
joplin#
Spec |
Description |
---|---|
CPU |
8x Intel E7-4809v4 8-Core 2.10GHz |
RAM |
16x 16GB DDR4 |
Hostname |
|
The server is bound to the GRAMES which is linked to the GE domain.
abbey#
Spec |
Description |
---|---|
CPU |
Xeon 12-core |
OS |
Ubuntu |
Hostname |
|
Credentials |
fitzgerald#
Spec |
Description |
---|---|
Model |
|
OS |
Windows 7 |
Hostname |
|
Credentials |
NeuroPoly Internal Document: Fitzgerald TeamViewer Credentials |
tristano#
Spec |
Description |
---|---|
Model |
Mac Mini |
OS |
Ubuntu 16.04 |
Hostname |
|
Credentials |
For SCT database interface use: SCT annotations
vnmrj#
Spec |
Description |
---|---|
Model |
PC Intel Duo Quad Core |
OS |
RedHat |
Hostname |
|
Credentials |
idea3t#
Spec |
Description |
---|---|
Purpose |
Programming pulse sequences within the Siemens IDEA environment for VE11C (Prisma) |
Model |
PC |
OS |
Windows 10 (⚠️ Connect with Microsoft Remote Desktop) |
Hostname |
|
Credentials |
Warning
Possible error: “The certificate or associated chain is not valid.”
Solution: Install remote Desktop v10 or higher (v8 does not work)
idea7t#
Spec |
Description |
---|---|
Purpose |
Programming pulse sequences within the Siemens IDEA environment for VE12U (Terra) |
Model |
PC |
OS |
Windows 10 (⚠️ Connect with Microsoft Remote Desktop) |
Hostname |
|
Credentials |
peterson#
Spec |
Description |
---|---|
Purpose |
EM simulation with CST |
Model |
PC, NVIDIA RTX A6000 (1x) |
OS |
Windows 10 (Connect with Microsoft Remote Desktop) |
Hostname |
|
Credentials |
<GE_USERNAME>/<GE_PASSWORD> |
node006 (Poly-Grames)#
Spec |
Description |
---|---|
Purpose |
EM simulation with CST |
Model |
PC, NVIDIA Tesla V100S-PCIE-32GB (1x) |
OS |
Windows 10 (Connect with Microsoft Remote Desktop) |
Hostname |
|
Credentials |
<GE_USERNAME>/<GE_PASSWORD> |
node007 (Poly-Grames)#
Spec |
Description |
---|---|
Purpose |
EM simulation with CST |
Model |
PC, NVIDIA Tesla V100S-PCIE-32GB (1x) |
OS |
Windows 10 (Connect with Microsoft Remote Desktop) |
Hostname |
|
Credentials |
<GRAMES_USERNAME>/<GRAMES_PASSWORD> |
Connect to the Polytechnique public disk#
Finder –> Go –> Connect to server Server address:
smb://genie06.polymtl.ca/public
Then enter your ID and password at poly.
Retrieve an old backup#
duke (/mri, /projects, /sct_testing) is backed up on grappelli every evening at 21:00 EST. In order to retrieve old backup you have to contact Jean-Sébastien Décarie.
Software Installed#
Installed on each station (local)#
MRI#
FSL
ANTS
FreeSurfer
mricron (for dcm2nii conversion)
Osirix
ITKsnap
MITKworkbench
Diffusion Toolkit (with quicklook plugin) + Trackvis
Programming#
git
source tree –> visualiser of git
Xcode (with command line tools)
PyCharm (Python editor)
Sublime Text (code editor)
Misc#
Google Sketchup
Google Chrome
VirtualBox
Endnote
Dropbox
X11 Quartz
Microsoft suite (Installation kit can be found on the GRAMES server. Please see section below.)
Matlab (Installation kit can be found on the GRAMES server. Please see section below.)
Slack
NDP view
QuickLook:
Nifti viewer
Tanguy’s app to open Nifti files with FSLview
To access software from the department (Matlab, Microsoft Office, etc.), connect to:
smb://hcifst.grames.polymtl.ca/tools
Scheduled reboots#
As part of regularly scheduled system upgrades, all NeuroPoly stations will automatically reboot once a week. These reboots are critical to system health, which is why they are configured to run automatically. In exceptional circumstances, scheduled reboots can be manually postponed by admins.
How do I know when a station will reboot?#
When you first login to a station, you will see a message called the Message Of The Day
(MOTD
).
This message includes a notice about the reboot schedule for the machine you are using. It will look something like this:
This system may reboot to install upgrades Mondays at 02:00am.
If you are having a hard time finding this information, you can always regenerate MOTD
by doing:
run-parts /etc/update-motd.d/
Please try to check the scheduled reboot time and take it into account when starting your computations.
Note
If a reboot is imminent, you may also see wall notices warning you about the upcoming reboot. They will say something like: “The system will reboot at Tue 2024-08-13 02:00:00 EDT!”
Please be aware that these notices start less than 24 hours before the scheduled reboot, so relying on them as your main reboot indicator is strongly discouraged.
How can I request that a scheduled reboot is postponed?#
If you started a long computation that you think will be interupted by the scheduled reboot, you can use the Reboot Postponement Request
issue template to request a postponement.
More detailed instructions are included in the template.
Important
Please try to give admins 24h notice for postponement requests.
Admins: The standard operating procedure for postponing scheduled reboots, along with more details on how automatic reboots work at NeuroPoly is all documented here.
Admin#
Technical details about station management and documentation is found on this repository.