Greetings all HPC Users,
We will be removing direct access to the HPC Login Node soon alongside the implementation of VPN. Direct SSH into the HPC login node will no longer be possible once VPN is fully implemented and enforced. Here, we prepared some information that all HPC users would need to know.
Why implement VPN in the current HPC?
- Over the years, we are unable to support several popular applications due to the fact that they require users’ PCs to be on the HPC network to work properly. Thus, VPN is required to ensure users can be located on the HPC network.
- To simplify things, we would also like to remove the difficulty of users in setting up SSH Proxy in order to access certain internal resources. With VPN, users can access said resources with the ease of one connect button.
- Besides that, VPN also acts as another layer to protect our users from security attacks. IPs with excessive failed authentication with the VPN gateway will be blocked for a limited amount of time to prevent brute force attacks against user passwords.
What does this mean for you?
- In the future, all users are required to establish a connection with the VPN gateway in order to access the HPC Login Node. You will no longer be able to directly SSH into the HPC Login Node.
- After establishing a VPN connection, all other HPC activities will remain unchanged. Access to internal resources including, but not limited to Open OnDemand and VNC sessions will no longer require a SSH proxy.
- Users with an expired password will not be able to authenticate with the VPN Gateway, so make sure you update your password immediately if the system prompts about expired password. You must request a password reset if your password expired while trying to authenticate with the VPN gateway.
- Data transfer might experience some drop in bandwidth due to VPN overhead, but we are aware of this and are able to accept the drawback for the benefits VPN gives.
What do DICC need from you?
- Before we fully cut off the channel to access the HPC Login Node directly, we would like to call for testing on VPN implementation, in order to ensure all active users are able to establish a VPN connection.
- We appreciate any feedback or input on the VPN usage in order for us to ensure all users have the best experience while using the VPN, and make adjustments if necessary.
- Visit the VPN page in the documentation site for a detailed guide, and attempt to establish a VPN connection before using any HPC resources. If a VPN connection is successfully made, you should be able to directly visit umhpc.dicc.um.edu.my for Open OnDemand site without needing to setup a SSH Proxy.
- Provide feedback on the usage and report any errors you encountered during the testing in our service desk.
- There might sometimes be connection disruption as we fine-tuning the VPN server settings on-the-go, but we will try our best to minimize the service interruption.
Thank you very much for your patience over the years while we were trying to improve the HPC infrastructure and implementation. Join our newly created DICC Official Telegram Channel to receive latest news and updates.
If you have any questions, please let us know.
Thank you.