Research groups with a Principal Investigator from German Universities or German Research Institutions can apply via GCS-JARDS, European research groups can apply via PRACE. For details, see Application for a project on SuperMUC-NG.
The Principal Investigator (PI, first master user) or the Person of Contact (PC, second master user) can make a request for a new user (researcher) in his project via the service request template 'New SuperMUC-NG User (Only for Master Users, PI)'
Login to SuperMUC-NG
The PI or the PC (master users) can add/remove IP addresses using the service request templates for:
- 'Enable IP Address(es) for SuperMUC-NG (Only for Master Users, PI)' or
- 'Disable IP Address(es) for SuperMUC-NG (Only for Master Users, PI).
Before you can login to SuperMUC you have to set a password and accept the usage regulations at the LRZ Identity Management Portal using your account and the start password that we have delivered to your project manager.
SuperMUC-NG uses login nodes for interactive access and for the submission of batch jobs. The login nodes have an identical environment, but multiple sessions of one user may reside on different nodes which must be taken into account e.g., when killing processes.
Two mechanisms are provided for logging in to the system; both incorporate security features to prevent appropriation of sensitive information by a third party.
Login with Secure Shell
Access via SSH (Secure Shell) is described in detail in the LRZ Document about SSH. In particular, the setup required to use private/public keys for access is described there. From the UNIX command line of the user's workstation the login to an LRZ account xxyyyzz is performed via:
|System part||Login||Architecture||Number of nodes |
behind the round-robin address
|Login node for |
SuperMUC-NG Phase 1
ssh -Y skx.supermuc.lrz.de -l xxyyyzz
(ssh -Y skx6.supermuc.lrz.de -l xxyyyzz #for IPv6)
Login nodes with connection to the SuperMUC tape archive
ssh -Y skx-arch.supermuc.lrz.de -l xxyyyzz
- Only public and static IP addresses can be registered to access SuperMUC-NG. The project manager (master user) can add/remove IP addresses using the service requests templates (add/remove).
- LRZ Security Policies demand that the user's private SSH keys that are used to access the system from the outside world are locked and guarded with a non-empty passphrase, therefore it is not allowed to use an empty passphrase during the private key generation. We consider an empty passphrase as a violation of our security policies. Users disregarding this policy will be barred from further usage of LRZ systems.
- The SuperMUC-NG firewall permits only incoming SSH-connections i.e., ssh or scp from SuperMUC-NG to the outside world is disabled.
- The -Y option is required for tunneling of the X11 (windowing) protocol, it may be omitted if no X11 clients are required.
- It is recommended to add the List of ssh key fingerprints for SuperMUC-NG to ~/.ssh/known_hosts on your own local machine before logging in for the first time.
Reporting problems with Login
To report a problem use the
ssh command with the "
-vvv" option and include the verbose information when submitting an incident ticket to the Servicedeck for SuperMUC-NG.
Changing password or login shell
The Linux commands
chsh do not work on SuperMUC-NG. New accounts can only login to LRZ Systems after changing the initial password (issued by the project manager).
To change passwords or the login shell, use the LRZ Identity Management Portal:
- Log in to the web interface using your account and password.
- Toggle between English and German: use the little flags.
- To view the password expiration date, select "Person -> view" or "Account -> view authorizations".
- To change your password, select "Self Services/modify password".
- To change your login shell select "Self Services/change login shell". For the platform "SuperMUC" select the new login shell from the drop-down menu. If your preferred shell is not listed here, it is not available on SuperMUC-NG.
Passwords have to be changed after 12 months, you will be notified via email. If you forgot to set a new password, your access to LRZ systems will be restored after you set a new password through the LRZ Identity Management Portal.
Bash as login shell
Although other login shells are possible and might work, we strongly recommend to use bash as login shell, It is nearly impossible for us to test all combinations of software and the module system with different shells.
User centered-usage model
LRZ introduced a new usage model with SuperMUC-NG:
- user-centered: each user has only one user account on the system.
- Projects as groups: All assigned project resources can be accessed via one account. Particular attention was paid to data handling: The new model enables a user to seamlessly access his or her data in different projects for which he/she is validated.
The following commands show the time and storage budget for the current user:
$ module load lrztools
In a SLURM job the user must use the flag
in order to book the used computing time to a project account.
- Easier data sharing: Users can share data world wide using the LRZ Data Science Storage (DSS). To share data in WORK with project members, see FAQ: Sharing files with other users.
Important note: SuperMUC Phase 2 still uses the old usage model, where users have different accounts for different projects.
Also the naming convention of the HOME, WORK and SCRATCH directories on SuperMUC-NG changed, see File Systems of SuperMUC-NG.
The following example shows the accounts of user “Erika Mustermann” on SuperMUC Phase 2, the scheme for HOME and WORK as well as the date of the most recent password change.
Date of password
The new user account on SuperMUC-NG for “Erika Mustermann” is di12faq5. She only has one HOME directory, but a different WORK directory for each of her three projects:
HOME and SCRATCH
WORK directories the user can access
For controlling other settings and gaining access to the software stack the Modules of the HPC Systems are used. You are strongly urged to read that document, because some additional configuration on your side may be needed and/or required to reliably perform environment setup within batch jobs.
By default, version 2019 (update 3) of the Intel Parallel Studio is loaded at login or when starting batch jobs. This is the recommended release for large-scale parallel programs. For compatibility with the installed software stack it may be necessary to switch to an older release using the following command:
module switch devEnv/Intel/2019 devEnv/Intel/2018
Moving data from/to SuperMUC-NG
We provide several options to move data from/to SuperMUC-NG. All of them have in common that the IP-Address of the remote machine must be first enabled in the SuperMUC-NG firewall.
Access to Subversion (SVN) and Git servers
The SuperMUC firewall permits only incoming SSH-connections. You can use port forwarding to establish a connection between the subversion server and SuperMUC-NG,