New Penguin Computing On-Demand Accounts
Brand new users to Penguin Computing On-Demand (POD) can begin the account registration process by completing this web form. A salesperson will be in touch with you to help finalize billing and other accounting details. Please use a current and valid e-mail address as this will be used with your POD account.
Once the billing and accounting details are sorted, you will receive an e-mail invitation and activation code to create your POD account. At this time you will set a UNIX account username and web-portal password. Be aware that both are case sensitive.
New Managed POD Accounts
Users that have been invited to create a managed account by an existing POD account holder will receive an e-mail invitation and activation code directly. You will need to set a case-sensitive UNIX account username and web-portal password. Managed accounts may have limited access to login nodes and storage resources as defined by policies set by the top-level account owner.
About Our Clusters: MT1 & MT2
POD provides access to two HPC clusters, MT1 and MT2. Both clusters can be accessed using the POD User Portal. Each cluster uses its own localized storage and high-speed low-latency networking to facilitate intra/inter-node communication and data migration. While your account’s login nodes and user home directories are local to each cluster, a single global POD account username provides usage reporting for resources on each HPC cluster.
|Cluster||Available Technology||Data Center Details|
Storage and Login Nodes
Brand new users are encouraged to create MT2 login nodes and use the MT2 cluster for executing application workloads. MT2, based on Red Hat Enterprise Linux (RHEL) 7, is easier to use, offers newer CPU and networking architectures, and provides newer versions of pre-built applications and libraries. MT2 also provides access to a Scyld Cloud Workstation (SCW) login node, which allows you to run many applications using a Graphical User Interface (GUI).
MT1 is based on Red Hat Enterprise Linux (RHEL) 6 and may be cheaper to use. If the CPU and memory capacities available on MT1 compute nodes are adequate for your application requirements, you may choose to use MT1. You are encouraged to investigate both clusters for your applications and workloads, balancing complexity, capacity, capability, and cost.
MT1: Create Storage Volume
Home directory storage is billed differently on MT1 and MT2. On MT1 you must create a storage volume for your home directory. Your account will be charged for the capacity of this volume. We recommend provisioning a volume large enough to accommodate your application workflow in your home directory. This volume can easily be increased or decreased as needed.
After you have determined the size of your MT1 storage volume, you can create it in the POD User Portal under the Resources by Location menu > POD MT1 link. If your storage requirements are unknown, start with 1 GB. A 1 GB storage volume is large enough to create a new home directory and is available free-of-charge.
MT1: Create pod.free Login Node
After you have set up your MT1 storage volume, you should also create a login node for use by your account. You will be able to access your login node from the internet. From here you can upload/download files and submit jobs for execution on the MT1 cluster. You should create a login node with instance type pod.free because it is available to your account free-of-charge. Other more powerful instance types are available, but will incur a per-hour charge while they are powered on.
Create your pod.free and any additional login nodes in the POD User Portal under the Resources by Location menu > POD MT1 link. Most users' login node requirements should be met by the pod.free login node. For best performance, compute jobs should not be executed on login nodes.
MT2: Home Directory Created Automatically
On MT2 you do not need to provision a storage volume for your home directory. Unlike MT1, you are only charged for the home directory storage used by your account on MT2. If you keep your home directory utilization under 1 GB, then you will not incur a monthly charge for storage on MT2.
MT2: Create pod.free Login Node
On MT2 you should create a login node for use by your account. Just like MT1, you will be able to access your login node from the internet, where you can download/upload files and submit jobs to the MT2 cluster. You should create a login node with instance type pod.free because it is available to your account free-of-charge. Other more powerful instance types are also available but will incur a per-hour charge while they are powered on.
Create your pod.free and any additional login nodes in the POD User Portal under the Resources by Location menu > POD MT2 link. Most users' requirements should be met by the pod.free login node. For best performance, compute jobs should not be executed on login nodes.
Two-Factor Authentication (2FA)
Two-Factor Authentication provides an additional layer of security that helps protect your account and data by requiring a second authentication factor when logging in. On POD, your password or SSH keys act as the first authentication factor, and the second factor is a one-time numerical code that you enter. The implementation used here is called OTP, specifically time-based OTP, or TOTP. Read more about TOTP here.
Your 2FA code is generated by an app on your mobile device. We suggest using Google Authenticator. This implementation is used by many common services like Gmail, Twitter, Instagram, GitHub, etc.
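How a TOTP code is derived from the shared secret and the clock, and how a server checks it, as an added example that is not POD's code. It follows RFC 6238 with the common defaults (HMAC-SHA1, 30-second step, 6 digits), which are assumptions because this page does not state POD's parameters; the secret is the published RFC 6238 test secret, not a POD value.

```python
import base64
import hashlib
import hmac
import struct

# Published RFC 6238 test secret (ASCII "12345678901234567890") in the Base32 form
# an authenticator app receives from the QR code. Not a POD value.
RFC_TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def decode_secret(b32):
    """Decode a Base32 shared secret, tolerating spaces, lower case and missing padding."""
    b32 = b32.replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))

def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: the HOTP counter is the number of `step`-second intervals since the epoch."""
    return hotp(secret, int(unix_time) // step, digits)

def verify(secret, code, unix_time, window=1, step=30):
    """Server-side check: accept the current step and `window` steps either side (clock drift)."""
    counter = int(unix_time) // step
    candidates = (counter + d for d in range(-window, window + 1) if counter + d >= 0)
    # compare_digest avoids leaking how many leading digits matched.
    return any(hmac.compare_digest(hotp(secret, c, len(code)), code) for c in candidates)

if __name__ == "__main__":
    import time
    secret = decode_secret(RFC_TEST_SECRET_B32)
    now = int(time.time())
    code = totp(secret, now)
    print("code for this 30 s step:", code)
    print("accepted now:", verify(secret, code, now))
    print("accepted 5 minutes later:", verify(secret, code, now + 300))
```

Every code is a function of the shared secret and the current time only, so a device whose clock is far off produces codes the server rejects, and a lost device can only be replaced by exchanging a new secret.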
Enabling Two-Factor Authentication on POD
To enable two-factor authentication for your POD account, log in to the POD User Portal and access your Account Settings page. The link to Account Settings is in a menu in the upper-right corner of the page. Click on your e-mail address to access the menu. From the Account Settings page, click the Enable Two-factor Authentication button to begin setup. The next page will explain the setup process and provide a QR-code that you will scan with your mobile device.
Make sure you have Google Authenticator installed on your iOS or Android device. You can cancel the setup at any time up to this point, but once you click the Confirm button, your account will be fully protected.
Once 2FA is enabled, you will be required to enter a code as the second authentication factor when logging into the POD User Portal and accessing login nodes via SSH. Please Note: The Scyld Cloud Workstation (SCW) instances do NOT currently support two-factor authentication. It is on the future road map for development.
Requiring 2FA for Managed Users
Account owners have the option to set 2FA requirements for their entire account or for individual managed users. Managed users cannot override these settings. By setting the requirement on the entire account, all current and future managed users will be required to use 2FA.
SSH Client Configuration
2FA users may need to modify their local SSH client configuration to allow both public key and keyboard-interactive authentication. Your primary authentication factor will be your SSH key-pair, and the keyboard-interactive session will allow you to enter your 2FA verification code. 2FA-enabled users with incompatible local SSH configurations will not see the Verification Code prompt and their login will fail. If your client configuration needs updating, add this stanza to your local SSH client configuration to fix the issue:
Host 192.41.74.? 192.41.29.?
    PreferredAuthentications publickey,keyboard-interactive

Accounts without 2FA enabled may see an "Authenticated with partial success" message when authenticating on their login nodes. This message can safely be ignored.
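A way to check which targets the stanza above actually applies to, as an added example that is not POD's code: it models the Host pattern rules from ssh_config(5), where `?` matches exactly one character and matching is done against the name or address given on the ssh command line. The target addresses and the hostname are constructed samples.

```python
import re

# The stanza from this page; the targets tested below are constructed samples.
PAGE_STANZA = """\
Host 192.41.74.? 192.41.29.?
    PreferredAuthentications publickey,keyboard-interactive
"""

def _to_regex(pattern):
    # ssh_config wildcards: '*' is zero or more characters, '?' is exactly one.
    return re.compile("".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern))

def host_line_matches(patterns, target):
    """True if a Host line applies to the name given on the ssh command line."""
    matched = False
    for pat in patterns.split():
        hit = _to_regex(pat.lstrip("!")).fullmatch(target) is not None
        if hit and pat.startswith("!"):
            return False          # a negated match vetoes the whole line
        matched = matched or hit
    return matched

def effective_option(config, target, option):
    """First value of `option` that applies to `target` (ssh keeps the first one obtained).
    Models Host blocks only; Match blocks are skipped and Include is not followed."""
    applies = True                # options before the first Host line apply to every host
    for raw in config.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            applies = host_line_matches(value, target)
        elif key == "match":
            applies = False
        elif applies and key == option.lower():
            return value.strip()
    return None

if __name__ == "__main__":
    for target in ("192.41.74.5", "192.41.29.8", "192.41.74.15", "login.example.org"):
        print(target, "->", effective_option(PAGE_STANZA, target, "PreferredAuthentications"))
```

A target the stanza does not cover, such as an address with a two-digit final octet or a DNS name, falls back to whatever the rest of the client configuration sets. With OpenSSH installed, `ssh -G <address>` prints the configuration the client will actually use for that target.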
Help and Recovery
If you lose access to your mobile device (or otherwise lose the POD account data in Google Authenticator), the account owner will need to contact POD Support. POD administrators will confirm the account owner’s identity, and once confirmed, they will reset the secret on your account. On your next login, you will be asked to scan a new code with Google Authenticator (to exchange the secret) and you can proceed.