Page tree
Skip to end of metadata
Go to start of metadata

Getting Access

Research groups with a Principal Investigator from German Universities or German Research Institutions can apply via GCS-JARDS, European research groups can apply via PRACE. For details, see Application for a project on SuperMUC-NG.

The Principal Investigator (PI, first master user) or the Person of Contact (PC, second master user) can make a request for a new user (researcher) in his project via the service request template 'New SuperMUC-NG User (Only for Master Users, PI)'

Login to SuperMUC-NG

Only public and static IPv4 addresses can be registered to access SuperMUC-NG. The PI or the PC (master users) can add/remove IPv4 addresses using the service request templates for:

Before you can login to SuperMUC you have to set a password and accept the usage regulations at the LRZ Identity Management Portal using your account and the start password that we have delivered to your project manager.

SuperMUC-NG uses login nodes for interactive access and for the submission of batch jobs. The login nodes have an identical environment, but multiple sessions of one user may reside on different nodes which must be taken into account e.g., when killing processes.

Two mechanisms are provided for logging in to the system; both incorporate security features to prevent appropriation of sensitive information by a third party.

Login with Secure Shell

Access via SSH (Secure Shell) is described in detail in the LRZ Document about SSH. In particular, the setup required to use private/public keys for access is described there. From the UNIX command line of the user's workstation the login to an LRZ account xxyyyzz is performed via:

System partLoginArchitectureNumber of nodes
behind the  round-robin  address
Login node for
SuperMUC-NG Phase 1

ssh -Y skx.supermuc.lrz.de -l xxyyyzz

Intel Skylake3

Login nodes  with connection to the tape archive

currently not available:
ssh -Y skx-arch.supermuc.lrz.de -l xxyyyzz

Intel Skylake4

Note:

  • Only public and static IPv4 addresses can be registered to access SuperMUC-NG. The project manager (master user) can add/remove IPv4 addresses using the service requests templates (add/remove).
  • LRZ Security Policies demand that the user's private SSH keys that are used to access the system from the outside world are locked and guarded with a non-empty passphrase, therefore it is not allowed to use an empty passphrase during the private key generation. We consider an empty passphrase as a violation of our security policies. Users disregarding this policy will be barred from further usage of LRZ systems.
  • The SuperMUC-NG firewall permits only incoming SSH-connections i.e., ssh or scp from SuperMUC-NG to the outside world is disabled.
  • The -Y option is required for tunneling of the X11 (windowing) protocol, it may be omitted if no X11 clients are required. 
  • It is recommended to add the List of ssh key fingerprints for SuperMUC-NG to ~/.ssh/known_hosts on your own local machine before logging in for the first time.

Reporting problems with Login

To report a problem use the ssh command with the "-vvv" option and include the verbose information when submitting an incident ticket to the Servicedeck for SuperMUC-NG.

Changing password or login shell

The Linux commands passwd and chsh do not work on SuperMUC-NG. New accounts can only login to LRZ Systems after changing the initial password (issued by the project manager).

To change passwords or the login shell, use the LRZ Identity Management Portal:

  • Log in to the web interface using your account and password.
  • Toggle between English and German: use the little flags.
  • To view the password expiration date, select "Person -> view" or  "Account -> view authorizations".
  • To change your password, select  "Self Services/modify password".
  • To change your login shell select "Self Services/change login shell". For the platform "SuperMUC" select the new login shell from the drop-down menu. If your preferred shell is not listed here, it is not supported on SuperMUC-NG.

Passwords have to be changed after 12 months, you will be notified via email. If you forgot to set a new password, your access to LRZ systems will be restored after you set a new password through the LRZ Identity Management Portal.

Full (German) text of the authentication regulations

User centered-usage model

LRZ introduced a new usage model with SuperMUC-NG:

  • user-centered: each user has only one user account on the system.
  • Projects as groups: All assigned project resources can be accessed via one account. Particular attention was paid to data handling: The new model enables a user to seamlessly access his or her data in different projects for which he/she is validated.

    The following commands show the time and storage budget for the current user:

    $ module load lrztools
    $ budget_and_quota

    In a SLURM job the user must use the flag

    #SBATCH --account=<project-id>

    in order to book the used computing time to a project account.

  • Easier data sharing: Users can share data world wide using the LRZ Data Science Storage (DSS). To share data in WORK with project members, see FAQ: Sharing files with other users.

Important note: SuperMUC Phase 2 still uses the old usage model, where users have different accounts for different projects.

Also the naming convention of the HOME, WORK and SCRATCH directories on SuperMUC-NG changed, see File Systems of SuperMUC-NG.

The following example shows the accounts of user “Erika Mustermann” on SuperMUC Phase 2, the scheme for HOME and WORK as well as the date of the most recent password change.

User Account
on SuperMUC Phase 2

Project ID

HOME
on SuperMUC Phase 2

WORK
on SuperMUC Phase 2

Date of password
change

di12faq
pr12xf
/home/hpc/pr12xf/di12faq
/gpfs/work/pr12xf/di12faq
2018-05-01
di12faq2
pr23ys
/home/hpc/pr23ys/di12faq2
/gpfs/work/pr23ys/di12faq2
2018-07-02
di12faq4
pr12ab
/home/hpc/pr12ab/di12faq4
/gpfs/work/pr12ab/di12faq4
2018-02-01

The new user account on SuperMUC-NG for “Erika Mustermann” is di12faq5. She only has one HOME directory, but a different WORK directory for each of her three projects:

User Account
on SuperMUC-NG

Projects IDs

HOME and SCRATCH
on SuperMUC-NG

WORK directories the user can access
on SuperMUC-NG

Password expiration
date


di12faq5
pr12xf, 
pr23ys,
pr12ab

/dss/dsshome1/<hash>/di12faq5
/hppfs/scratch/<hash>/di12faq5
/hppfs/work/pr12xf/di12faq5
/hppfs/work/pr23ys/di12faq5
/hppfs/work/pr12ab/di12faq5

2019-07-02


Programming Environment

For controlling other settings and gaining access to the software stack the Modules of the HPC Systems are used. You are strongly urged to read that document, because some additional configuration on your side may be needed and/or required to reliably perform environment setup within batch jobs.

By default, version 2019 (update 3) of the Intel Parallel Studio is loaded at login or when starting batch jobs. This is the recommended release for large-scale parallel programs. For compatibility with the installed software stack it may be necessary to switch to an older release using the following command:

module switch   devEnv/Intel/2019   devEnv/Intel/2018

Moving data from/to SuperMUC-NG

We provide several options to move data from/to SuperMUC-NG. All of them have in common that the IP-Address of the remote machine must be first enabled in the SuperMUC-NG firewall.

Details on the different data transfer options can be find here.

Access to Subversion (SVN) and Git servers

The SuperMUC firewall permits only incoming SSH-connections. You can use port forwarding to establish a connection between the subversion server and SuperMUC-NG,


  • No labels