🖥 Computers @NeuroPoly#

GE#

A GE network account is required to have access to internal computational resources.

You will receive a GE account during your onboarding.

Password#

Important

Once in a while, you are requested to change your password. To do so, log onto another machine (eg bireli, joplin) and use the command passwd to change your password.

Groups#

The list of permissions for shared folders on duke are available here.

Connect to Windows Servers#

Use Microsoft Remote Desktop Connection on creer51, creer52, creer53.

Computer : creer51.grames.polymtl.ca

Username: grames\your_polygrames_username

Password: your_polygrames_password

List of Computers at NeuroPoly#

Are you new to NeuroPoly and looking for a desk and a station? Please check the list of Desktop/Server/Clusters computers and Printers so you can pick one that is free. If you’d like a particular desk and someone else is using a station remotely, please ask the admins to move the station to another location.

If you prefer to work on your laptop, please let the admins know in your onboarding ticket and they will find you an available screen you can connect to your laptop.

VPN#

When working remotely from off-campus you need to use the VPN.

To connect to the VPN, you need to have an account with École Polytechnique, specifically with CAS. Students should already have this. Consultants and Research Associates will need to have an account created for them. This should have happened during your onboarding.

You can change your CAS password at Gestion des Codes.

The VPN uses the Cisco AnyConnect protocol, and to use it, you must first install a compatible VPN client.

Important

Depending on your status at Polytechnique, you will be assigned to a different VPN group. Your assigned group will determine how authentication will work for you, as well as which VPN clients will be compatible with your needs.

Instructions for different user scenarios are provided below.

Note

The VPN will not work if you are already accessing wifi on campus via eduroam, it is typically intended for off-campus use only.

Background on VPN changes#

In September 2024, Polytechnique reconfigured their VPN management strategy.

Previously, VPN authentication worked similarly for all Neuropoly members. Linux and macOS users wishing to avoid installing proprietary Cisco AnyConnect software could follow the instruction provided for students (below).

Because of the changes implemented by Polytechnique, these instructions no longer work for non-students.

If you are not a student, please follow the instructions provided for your specific use case.

Students#

Students should be approved for VPN access by default. They are assigned to the PolySSL group.

For Linux and macOS users, openconnect is the recommended VPN client.

Windows users should typically follow the official Polytechnique instructions. Advanced users concerned about the monitoring capabilities of the Cisco AnyConnect client might consider adapting the instructions for a VM-based workaround documented under Polytechnique Staff to their needs.

brew install openconnect

Open your Keychain program and click ‘+’ to add a new item:

  • Name: poly-vpn

  • Account: your YOUR_CAS_USERNAME

  • Password: enter your password here.

Note: the new item has to be added as an application password to your login Keychain (i.e., not to your iCloud Keychain).

Then, create the following script:

#!/bin/bash
# vpn.sh

set -eo pipefail

USER="<YOUR_CAS_USERNAME>"
PASS="$(security find-generic-password -a "${USER}" -s poly-vpn -w)"
GROUP=PolySSL # or PolyInvites, depending on your account's status
echo -n "$PASS" | sudo openconnect -u "$USER" --authgroup "$GROUP" --passwd-on-stdin --reconnect-timeout 20 ssl.vpn.polymtl.ca

To connect to the VPN, you need to run:

./vpn.sh
apt install openconnect

Then, create the following script:

#!/bin/bash
# vpn.sh

set -eo pipefail

USER="<YOUR_CAS_USERNAME>"
PASS="<YOUR_CAS_PASSWORD>"
GROUP=PolySSL # or PolyInvites, depending on your account's status
echo -n "$PASS" | sudo openconnect -u "$USER" --authgroup "$GROUP" --passwd-on-stdin --reconnect-timeout 20 ssl.vpn.polymtl.ca

To connect to the VPN, you need to run:

./vpn.sh

Depending on your Linux set up, you may also be able to create a graphical interface for your VPN. The following instructions were tested on a system using NetworkManager and the GNOME desktop environment:

  1. Install the NetworkManager openconnect plugin. For example, with:

apt install network-manager-openconnect-gnome
  1. Under Settings go to Network.

  2. Under VPN select + to Add VPN.

  3. Select Multi-protocol VPN client (openconnect).

  4. Under Gateway put ssl.vpn.polymtl.ca.

  5. Click Apply.

  6. Activate the VPN.

  7. Under GROUP: select PolySSL.

  8. Under Username: put your CAS username.

  9. Under Password: put your CAS password.

  10. Click Connect.

Please follow the official steps from PolyMTL (French or English).

In case the above links ever break, the steps are:

  1. Install “Cisco AnyConnect Secure Mobility Client”.

    • NB: This software is licensed to organizations, so the download page will typically be behind some sort of authentication. Right now, you have to download it from the “Utilisation du Service” section of this page, which requries you to sign in with your CAS account.

  2. Run the newly-installed Cisco AnyConnect Secure Mobility Client program.

  3. Configure the VPN:

    • Enter the server address: ssl.vpn.polymtl.ca

    • In the “Group” drop-down list, choose the profile: PolySSL

    • Identify yourself with the username and password of your CAS account (e.g. p123123)

  4. Click “Accept”. You’re connected! :)

Polytechnique Staff#

Polytechnique staff (including Professors, Research Associates, and Postdoctoral Researchers) are assigned to the PolyQuartz group.

The PolyQuartz group relies on an authentication flow that makes use of your Okta account. The authentication flow is not natively supported by the openconnect client.

Users wishing to avoid installing the officially provisioned Cisco AnyConnect client can consider several known workarounds.

Linux and macOS users can use a workaround involving the openconnect client and manual cookie extraction.

All users can implement a workaround involving running the Cisco AnyConnect client inside a Virtual Machine.

Instructions for each of these options are as follows:

This workaround allows you to complete the Okta-based authentication flow while using the openconnect client.

It should be effective for Linux and macOS users.

  1. Ensure that the openconnect client is installed on your computer.

  2. Visit https://ssl.vpn.polymtl.ca in a browser

  3. Select PolyQuartz and press Logon

  4. Logon with your Okta credentials

  5. On the Cisco Secure Client Download page, open your browser’s DevTools.

  6. Find the webvpn cookie and copy its value.

  7. Pass this value to the following command on stdin (either by typing it, or piping to it):

sudo openconnect --protocol=anyconnect --authgroup=PolyQuartz --cookie-on-stdin https://ssl.vpn.polymtl.ca/

Note

A script to automate this process can be found here.

This workaround allows you to isolate the Cisco AnyConnect client in a virtual machine. Additionally it allows you to determine which traffic you send through the VPN.

It should be effective for Linux, macOS and Windows users.

It is recommended for advanced users.

  1. Create an Ubuntu virtual machine using your preferred Virtual Machine Manager (these instructions were tested with QEMU-KVM, but other VMMs should work fine as well).

  2. Under network settings, your VM should be set to use NAT.

  3. Inside your new VM, follow the official Polytechnique instructions to install the Cisco AnyConnect client.

  4. Set up your VM as an SSH server.

sudo apt install openssh-server
sudo systemctl enable ssh
sudo systemctl start ssh
  1. Get the ip address of your VM (ip a) and write it down.

  2. On the host, generate an SSH key pair, (or select an existing key pair to use) then transfer the public key to your VM using ssh-copy-id. You can modify the following commands with the correct info to do this:

ssh-keygen -t ed25519 -C "<VM_USER>@<VM_NAME>" -f ~/.ssh/<VM_USER>_ed25519
ssh-copy-id -i ~/.ssh/<VM_USER>_ed25519.pub -o PreferredAuthentications=password <VM_USER>@<VM_IP>
  1. Test that you can successfully SSH into the VM.

  2. In your SSH config file (~/.ssh/config) configure your VM as a proxy jump for traffic directed to NeuroPoly servers. You can modify the following config for your purposes:

# Needed for proxy jump with AnyConnect vm

# Replace the HostName with your VM's IP
# Replace the User with the username on your VM
# Replace the IdentityFile with the correct path to the relevant SSH key
Host jumpvm
    HostName <VM_IP>
    User <VM_USER>
    IdentityFile ~/.ssh/<VM_USER>_ed25519

# This allows you to proxy ssh traffic to NeuroPoly servers
Host *.neuro.polymtl.ca 132.207.*
    ProxyJump jumpvm

# Needed to use git with data

# Replace the IdentityFile with the correct path to the SSH key you use on data
Host data.neuro.polymtl.ca
    User git
    IdentityFile ~/.ssh/<KEY_FILE>

Note

If you sometimes work on campus, this config will interfere with your onsite access if not disabled. If you want to make it easier to manage alternate ssh config settings, you can create a different config file that includes these settings, and then point to it with the ssh -F option.

Once you have finished with configuration, you can test your set up. For it to work, you will need to first start your VM and enable the VPN connection using the Cisco AnyConnect client inside your VM.

You will then be able to proxy NeuroPoly-destined ssh traffic from your main host through your VM, which will make it easier to connect to NeuroPoly resources without significantly altering your workflow. You can test making an ssh connection to a NeuroPoly server to confirm that this works.

Note

You can use port forwarding to form other kinds of connections through your VM. (e.g. for RDP connections, to access duke or to access data in your browser). Examples follow.

To connect to a station using RDP

ssh -NL 3389:localhost:3389 <GE_USERNAME@<STATION>.neuro.polymtl.ca

Then in your RDP client put localhost:3389 for the server.

To connect to duke

ssh -NL 1445:duke.neuro.polymtl.ca:445 <VM_USER>@jumpvm  

Then follow standard instructions for duke but replace duke.neuro.polymtl.ca with localhost:1445 (e.g. smb://localhost:1445/<FOLDER>).

To access data in your browser

ssh -NL 3000:localhost:3000 <GE_USERNAME>@data.neuro.polymtl.ca

Then in your browser go to: http://localhost:3000

The official Polytechnique instructions for configuring the Cisco AnyConnect client can be found here.

Other Members#

If you are an Intern, a Consultant, or are otherwise considered an “Invité” by Polytechnique, this section applies to you. Users in your category are not granted VPN access by default. A specific request must be submitted to DGE IT to give you VPN access. (Normally, someone on the admin team should help you with this during your onboarding).

Once you are approved for VPN access, DGE IT will provide personalized instructions for your specific use case. Most likely, you will be be added to the PolyPhoton group. Like PolyQuartz, this group uses Okta for authentication.

Note

If you do not wish to use the official Cisco AnyConnect client, you may be able to adapt the instructions under the Polytechnique Staff section for your purposes. However, please note that the workarounds described for PolyQuartz users have not been adequately tested for PolyPhoton users.

Warning

DGE IT’s protocols for integration of VPN users with an “Invité” status are currently under development, so at the moment we cannot provide much assurance that alternative VPN configurations will work for these users. The most reliable option is to follow the official instructions provided by DGE IT and Polytechnique.

Connect to NeuroPoly Computers#

Locally#

To log into a desktop station while at NeuroPoly, use your GE account.

SSH (command line)#

Note

If working off-campus, start your VPN first.

Note

If working on-campus using eduroam wifi, make sure you are connected to eduroam using your Poly credentials. The ssh command below will probably not work if you are using eduroam credentials from another university. Alternatively, you can use the cable connection.

Connect via ssh using the STATION you want:

 ssh <GE_USERNAME>@<STATION>.neuro.polymtl.ca

Note

Use the password you received by email. Not the password you received on printed paper. To change the password, see the section Password above.

Note

To get ssh on Windows, you can install Microsoft’s ssh package, WSL, PuTTY, or cmder, or Git-Bash.

Optionally, install this shortcut which allows you to just type ssh <STATION>:

cat >~/.ssh/config_neuropoly <<EOF
Match Host abbey,betty,bireli,coltrane,davis,django,ella,ferguson,jarrett,joplin,kirk,marsalis,mingus,parker,romane,rosenberg,tatum
HostName %h.neuro.polymtl.ca

Match host *.neuro.polymtl.ca
User <GE USERNAME> # fill in your username and remove this comment
# passwords are required to access /mnt/duke: https://github.com/neuropoly/computers/issues/90:
PreferredAuthentications password
EOF

echo 'Include ~/.ssh/config_neuropoly' >> ~/.ssh/config

Optionally, add this shortcut which makes simultaneous ssh connections possible without retyping your password:

cat >>~/.ssh/config <<EOF
Host *
ControlMaster auto
ControlPath ~/.ssh/%r@%h:%p

SFTP (Mount a remote station)#

ssh also allows accessing remote files, via sftp.

The best way to do this is sshfs, which makes them appear as if they were a drive on your computer:

Install sshfs, if not yet installed:

sudo apt install -y sshfs

Follow this procedure.

brew install --cask osxfuse
brew install sshfs

Then mount the folder

mkdir cluster_folder
sshfs <USERNAME>@<STATION>: cluster_folder

If you use ~ or nothing (as shown) after the :, the connection will be relative to to your remote home directory, e.g.

sshfs <USERNAME>@<STATION>:~/project1/ cluster_folder

will attach the remote /home/ge.polymtl.ca/$USER/project1/ to the local ./cluster_folder, and

sshfs <USERNAME>@<STATION>:project1/ cluster_folder

will do the exact same.

However if you use / after the :, the mount will be relative to the remote root directory, e.g.

sshfs <USERNAME>@<STATION>:/tmp/ cluster_folder

will attach the remote /tmp/ to the local ./cluster_folder

Note

If you are experiencing mounting issues on macOs, this might help.

VNC (graphical interface)#

  1. Open Finder

  2. Click Cmd+K

  3. In the “Server Address”, type (using the STATION you want): vnc://STATION.neuro.polymtl.ca

  4. You can use your local/network account information or the shared account credentials

  1. Establish a VNC connection using vinaigre.

  2. In the “Server Address”, type (using the STATION you want): vnc://STATION.neuro.polymtl.ca

  3. You can use the password from shared account credentials

Linux stations#

On Linux targets, a VNC server needs to be started manually before the above instructions will work.

  1. Create configuration file under ~/.vnc/xstartup with the following contents:

 #!/bin/sh
 # Uncomment the following two lines for normal desktop:
 unset SESSION_MANAGER
 unset DBUS_SESSION_BUS_ADDRESS
 startxfce4 &
 [ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
 [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
 xsetroot -solid grey
 vncconfig -iconic &
  1. Give the right permissions to the file ~/.vnc/xstartup

 chmod +x ~/.vnc/xstartup
  1. Start VNC server

 vncserver -geometry 1600x1200 :<PORT_NUMBER>

Note: To list all running vncservers, use: ps -ef | grep vnc`

After starting the vncserver, connect to it as above.

Note

Note:

  • On the first start of the vncserver, you will have to set a personal password for your vnc session

  • The resolution can be defined by changing the value of the -geometry flag.

  1. Stop VNC server - mandatory at the end of your session

 vncserver -kill :<PORT_NUMBER>

Language#

The default interface on our systems is français. To use another language, set your LANG environment variable:

echo 'export LANG=en_CA.UTF-8' >> ~/.profile

Logout and back in again and apps should now be in English (or the other language code you chose).

CPU/GPU Clusters#

The following CPU and GPU clusters are available for internal use at NeuroPoly.

Warning

Please indicate in NeuroPoly’s “Computer resource” calendar if you plan to launch intensive calculations on a computer. These are shared resources, so it helps to know which computer is being used and by who, in order to prioritize tasks and make the best of our resources. Your calendar entry could span several days, and should specify your name and the ID or number of GPU/CPU used. Example: julien@rosenberg:gpu[4,5], or naga@joplin:cpu[n=20] If you don’t have writing permission on this calendar please post a request on the ticket tracker.

Note

If you wish to monitor the CPU/GPU/RAM/disk and other aspects of the server you are using, you can use our monitoring system. You need to be inside the VLAN to see the monitoring system.

rosenberg#

Spec

Description

CPU

2x Intel E5-2630

GPU

8x P100

RAM

16x 32GB DDR4

Hostname

rosenberg.neuro.polymtl.ca

For system administrators: Please log all the changes on the station by updating the ansible scripts from neuropoly/computers.

romane#

Spec

Description

CPU

AMD EPYC 7452 32-Core

GPU

4x RTX A6000 48GB

RAM

16x 32GB DDR4

Hostname

romane.neuro.polymtl.ca

For system administrators: Please log all the changes on the station by updating the ansible scripts from neuropoly/computers.

bireli#

Spec

Description

CPU

i7-5930K 3.5GHz 6 Cores

GPU

2x GTX Titan X 12GB

RAM

1x 64GB DDR4

Hostname

bireli.neuro.polymtl.ca

joplin#

Spec

Description

CPU

8x Intel E7-4809v4 8-Core 2.10GHz

RAM

16x 16GB DDR4

Hostname

joplin.neuro.polymtl.ca

The server is bound to the GRAMES which is linked to the GE domain.

abbey#

Spec

Description

CPU

Xeon 12-core

OS

Ubuntu

Hostname

Credentials

NeuroPoly Internal Document: Abbey Teamviewer Credentials

fitzgerald#

Spec

Description

Model

OS

Windows 7

Hostname

Credentials

NeuroPoly Internal Document: Fitzgerald TeamViewer Credentials

tristano#

Spec

Description

Model

Mac Mini

OS

Ubuntu 16.04

Hostname

Credentials

NeuroPoly Internal Document: Tristano VNC Credentials

For SCT database interface use: SCT annotations

vnmrj#

Spec

Description

Model

PC Intel Duo Quad Core

OS

RedHat

Hostname

Credentials

NeuroPoly Internal Document: VNMRJ VNC Credentials

idea3t#

Spec

Description

Purpose

Programming pulse sequences within the Siemens IDEA environment for VE11C (Prisma)

Model

PC

OS

Windows 10 (⚠️ Connect with Microsoft Remote Desktop)

Hostname

idea3t.neuro.polymtl.ca

Credentials

NeuroPoly Internal Document: Idea3t Remote Credentials

Warning

Possible error: “The certificate or associated chain is not valid.”
Solution: Install remote Desktop v10 or higher (v8 does not work)

idea7t#

Spec

Description

Purpose

Programming pulse sequences within the Siemens IDEA environment for VE12U (Terra)

Model

PC

OS

Windows 10 (⚠️ Connect with Microsoft Remote Desktop)

Hostname

idea7t.neuro.polymtl.ca

Credentials

NeuroPoly Internal Document: Idea7t Remote Credentials

peterson#

Spec

Description

Purpose

EM simulation with CST

Model

PC, NVIDIA RTX A6000 (1x)

OS

Windows 10 (Connect with Microsoft Remote Desktop)

Hostname

peterson.grames.polymtl.ca

Credentials

<GE_USERNAME>/<GE_PASSWORD>

node006 (Poly-Grames)#

Spec

Description

Purpose

EM simulation with CST

Model

PC, NVIDIA Tesla V100S-PCIE-32GB (1x)

OS

Windows 10 (Connect with Microsoft Remote Desktop)

Hostname

node006.grames.polymtl.ca

Credentials

<GE_USERNAME>/<GE_PASSWORD>

node007 (Poly-Grames)#

Spec

Description

Purpose

EM simulation with CST

Model

PC, NVIDIA Tesla V100S-PCIE-32GB (1x)

OS

Windows 10 (Connect with Microsoft Remote Desktop)

Hostname

node007.grames.polymtl.ca

Credentials

<GRAMES_USERNAME>/<GRAMES_PASSWORD>

Connect to the Polytechnique public disk#

Finder –> Go –> Connect to server Server address:

smb://genie06.polymtl.ca/public

Then enter your ID and password at poly.

Retrieve an old backup#

duke (/mri, /projects, /sct_testing) is backed up on grappelli every evening at 21:00 EST. In order to retrieve old backup you have to contact Jean-Sébastien Décarie.

Software Installed#

Installed on each station (local)#

MRI#

  • FSL

  • ANTS

  • FreeSurfer

  • mricron (for dcm2nii conversion)

  • Osirix

  • ITKsnap

  • MITKworkbench

  • Diffusion Toolkit (with quicklook plugin) + Trackvis

Programming#

  • git

  • source tree –> visualiser of git

  • Xcode (with command line tools)

  • PyCharm (Python editor)

  • Sublime Text (code editor)

Misc#

  • Google Sketchup

  • Google Chrome

  • VirtualBox

  • Endnote

  • Dropbox

  • X11 Quartz

  • Microsoft suite (Installation kit can be found on the GRAMES server. Please see section below.)

  • Matlab (Installation kit can be found on the GRAMES server. Please see section below.)

  • Slack

  • NDP view

  • QuickLook:

    • Nifti viewer

  • Tanguy’s app to open Nifti files with FSLview

To access software from the department (Matlab, Microsoft Office, etc.), connect to:

smb://hcifst.grames.polymtl.ca/tools

Scheduled reboots#

As part of regularly scheduled system upgrades, all NeuroPoly stations will automatically reboot once a week. These reboots are critical to system health, which is why they are configured to run automatically. In exceptional circumstances, scheduled reboots can be manually postponed by admins.

How do I know when a station will reboot?#

When you first login to a station, you will see a message called the Message Of The Day (MOTD).

This message includes a notice about the reboot schedule for the machine you are using. It will look something like this:

This system may reboot to install upgrades Mondays at 02:00am.

If you are having a hard time finding this information, you can always regenerate MOTD by doing:

run-parts /etc/update-motd.d/

Please try to check the scheduled reboot time and take it into account when starting your computations.

Note

If a reboot is imminent, you may also see wall notices warning you about the upcoming reboot. They will say something like: “The system will reboot at Tue 2024-08-13 02:00:00 EDT!”

Please be aware that these notices start less than 24 hours before the scheduled reboot, so relying on them as your main reboot indicator is strongly discouraged.

How can I request that a scheduled reboot is postponed?#

If you started a long computation that you think will be interupted by the scheduled reboot, you can use the Reboot Postponement Request issue template to request a postponement.

More detailed instructions are included in the template.

Important

Please try to give admins 24h notice for postponement requests.

Admins: The standard operating procedure for postponing scheduled reboots, along with more details on how automatic reboots work at NeuroPoly is all documented here.

Admin#

Technical details about station management and documentation is found on this repository.