Argonne National Laboratory

GM/CA @ APS

Remote Access

Department of Energy Office of Science
GM/CA @ APS Sponsors:
National Institute of General Medical Sciences (NIGMS) and National Cancer Institute (NCI) of the National Institutes of Health (NIH)
 

 

Remote Access Frequently Asked Questions

Q:How can I gain remote access to GM/CA @ APS computers?
A:Remote access must be requested when applying for beamtime. There is a checkbox in the user account setup utility that enables remote access after the beamtime is granted. You will also need to specify the IP domain(s) from which you plan to log in. Keep in mind that many institutional networks are behind firewalls. Please use the "Show my IP" tool to find out how your IP is exposed to us. As a security protection, we only open our computers to the requested IP domains, but you may specify multiple domains.
 
Q:What network speed should I have in order to be able to collect data remotely?
A:Please read the Speed Benchmarking page.
 
Q:Can I improve my connection speed?
A:It may be possible to improve the speed by tuning the TCP parameters on your computer, although administrative access to your computer and some system administration skills may be required. Please read the fasterdata.es.net guide.
 
Q:How long can I use the remote access capability?
A:NOMACHINE™ remote access is provided to two beamline computers ('acquisition' and 'processing') during allocated beamtime and solely for collecting and analyzing data in parallel. These computers can also be accessed by SSH/SFTP, but this is not recommended since it may affect your data acquisition and processing speeds. Additionally, NOMACHINE™ and SSH access is provided to our second-day-area computer for two more days solely for backing up data. The remote access resources are mapped in the following table:
| Computer | Primary Purpose | Primary Access | Other Access | Availability |
|----------|-----------------|----------------|--------------|--------------|
| blXws2 | Acquisition | NOMACHINE™ | SFTP/SCP | Day 1 |
| blXws3 | Acquisition (alternative) | Teamviewer™ | - | Day 1 |
| blXws6 | Processing | NOMACHINE™ | SFTP/SCP, Teamviewer™ | Day 1 |
| blXws5 | Backup | NOMACHINE™, SFTP/SCP, Globus GridFTP, bbcp, FDT | NOMACHINE™ | Days 1-3 |

Here X=1 for 23ID-D and X=2 for 23ID-B. The full URLs are blXwsN.gmca.aps.anl.gov.

Please request additional SCP/SFTP connection details from your host or see the SCP/SFTP information below.
 
Q:Can I have extended or permanent remote access?
A:Long-term remote access to GM/CA @ APS systems is not provided. The major consideration behind this policy is to prevent overloading our systems, which may slow down data collection or processing for the groups doing experiments during their allocated beamtime.
 
Q:Why do I have to log in on different systems for 23ID-D and 23ID-B?
A:The two beamlines have independent computing systems with different NX™ servers, different account management, and different subnets.
 
Q:What types of operating systems can I use for remote access?
A:Supported platforms are MacOS, Windows, and Linux. Check the NOMACHINE™ and TeamViewer™ web sites for additional details.
 
Q:While installing NxPlayer, I am getting "Application blocked by Security Settings".
A:This is related to the enhanced Java security introduced in Java-1.7.51 and after. The Java applet for installing NxPlayer is self-signed by NOMACHINE. For security reasons Java blocks such applets unless the web site hosting the applet is added to the Exception Site list in the Java Control Panel. Please open the Java Control Panel and add https://www.gmca.aps.anl.gov to the list according to the Oracle instructions. On Windows and MacOS the panel can be launched through the main OS control panel. On Linux it can usually be started from one of these locations:
	/usr/bin/jcontrol
	/usr/java/latest/bin/jcontrol
	/usr/java/latest/jre/bin/jcontrol
    
Once the panel is open, proceed to the Security tab and press the "Edit Site List" button, then press "Add".
 
Q:I cannot get Java working. How can I install NxPlayer without Java?
A:Manual installation of NxPlayer is completely feasible. It requires a few extra steps compared to automatic installation using Java, but sometimes doing these extra steps may be easier than making Java work.
  • If you have admin rights to your computer, download and install the NOMACHINE Enterprise player for your operating system from the NOMACHINE website; then start nxplayer.
  • Alternatively, or if you do not have admin rights to your computer, download the zipped NxPlayer package for your operating system from the GM/CA web site; then uncompress the archive, locate and start the "nxplayer" executable.
  • Skip to the "Recent connections" screen
  • Click on the "Open a connection" icon and load the preconfigured NX session file saved from Table-2

 
Q:What are the hardware requirements?
A:Network connectivity must be ADSL or faster. Minimum video resolution is 1280x1024, but 1600x1200 or higher is strongly recommended.
 
Q:Are dual monitors supported?
A:Yes, but with some restrictions: both monitors should be set to the same color depth. See the NOMACHINE™ article for additional details.
 
Q:I am having a problem starting NxPlayer.
A:This may sometimes happen because of the NxPlayer cache left after your previous beamtime. The NX™ client software is automatically updated when new releases become available, and the cache corresponding to an older version may become incompatible. The fix is to wipe the cache by deleting the .nx directory. If your computer is Unix/Linux or Mac, the .nx directory is located under your home directory. On Windows it is under "C:\Users\<username>".
If you are trying to install or update NxPlayer through our web page, the latter uses Java Web Start (javaws), which is a part of Java on your computer, and then there might also be a problem with the Java cache. If your computer is Linux, try to wipe the .java subdirectory in your home directory. On MacOS it is going to be "/Users/<username>/Library/Caches/Java" and on Windows "C:\Users\<username>\Local Settings\Application Data\Sun\Java".
Some recent versions of Linux (namely Ubuntu or Fedora) may not have support for 32-bit applications. The portable version of NxPlayer distributed by us, either via Java installation or via manual download, is a 32-bit application and requires 32-bit support in the operating system. To check whether this is your case, open a terminal, find nxplayer and try to run it as "./nxplayer". When no 32-bit support is available, you will see the message "no such file or directory", although the file exists. In this situation you need either to add 32-bit support to the OS or to download a 64-bit version of NOMACHINE Enterprise Player. Both of these solutions require administrative access to your computer.
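The 32-bit check described above can be made without running the binary. The following is an added example, not part of the GM/CA instructions; the function names are chosen here, and /lib/ld-linux.so.2 is assumed as the loader path because it is the usual one for 32-bit x86 glibc programs. The "no such file or directory" message refers to that missing loader, not to nxplayer itself.

```sh
#!/bin/sh
# Added example. elf_class and diagnose_nxplayer are names chosen for this sketch.

# elf_class FILE: print 32 or 64 for an ELF binary, "not-elf" otherwise.
# Byte 5 of the ELF header (EI_CLASS) is 1 for 32-bit and 2 for 64-bit.
elf_class() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    if [ "$magic" != "7f454c46" ]; then
        echo not-elf
        return 0
    fi
    case $(od -An -tu1 -j4 -N1 "$1" | tr -d ' \n') in
        1) echo 32 ;;
        2) echo 64 ;;
        *) echo not-elf ;;
    esac
}

# diagnose_nxplayer FILE: report whether a missing 32-bit loader explains
# the "no such file or directory" message.
diagnose_nxplayer() {
    class=$(elf_class "$1")
    # Assumed loader path for 32-bit x86 glibc programs.
    if [ "$class" = 32 ] && [ ! -e /lib/ld-linux.so.2 ]; then
        echo "32-bit binary and no 32-bit loader: add 32-bit support or use a 64-bit player"
    else
        echo "ELF class: $class; the 32-bit loader is present or not needed"
    fi
}

# Usage: diagnose_nxplayer ./nxplayer
```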
 
Q:When I try to log in, the NX™ client keeps telling me "Authentication failed".
A:Perhaps there was a miscommunication with your host about remote access, or you are trying to log in from a computer whose IP does not match the IP range you provided to us (see the "Show my IP" tool), or you are trying to log in too early (your beamtime has not started) or too late (your beamtime has ended), or you are trying to log in to the incorrect beamline (e.g. 23ID-B instead of 23ID-D or vice versa). In any case please STOP and contact your host. If your login attempts fail too many times, the ANL automatic protection system may treat you as a hacker and automatically ban your IP, which will make the issue much harder to resolve. The same applies to unsuccessful SSH and SFTP logins: do not try more than three times; instead contact your host. You can also run the Check Credentials tool, which will let you check your password, the eligibility of your IP address and the dates when you are allowed to log in.
 
Q:My connection was blocked, but I swear that I did not try to log in many times. What did I do wrong?
A:There are two scenarios in which NxPlayer tries to log in on its own. First, older versions of NxPlayer (version 4.3 and before) were prone to a "preventive login" bug, where the player would periodically try to log in before the user entered a username and password. Second, it could happen if you checked the box for saving passwords. Then, again, NxPlayer may repeatedly try to log you in. If you saved an incorrect password or you are trying to log in outside your beamtime window, the rejected logins may lead to a firewall block. Please do NOT check the NxPlayer box for saving passwords!
 
Q:When I try to log in, the session is terminated before I get any connection.
A:This is most likely an obsolete cache problem on either the client or the server side. See the instructions above on cleaning the cache on your side. To clean the cache on the server side, either ask your host or ssh to the respective GM/CA @ APS computer and type:
rm -Rf .nx
Try again after the cache is deleted.
 
Q:NX™ Shadow session does not work: as soon as I connect, I kick out the other party and vice versa.
A:When two users log in via NX with the same account and one opens a virtual desktop session, the default behavior for the second user is to take over. Use the key combination "Ctrl + Alt + Double-click" on the active virtual session to achieve shadowing in NxPlayer (Cmd + Alt + Double-click if you are using MacOSX).
 
Q:How do I end the NX™ session properly?
A:To close all of your programs properly, you should use session logout as shown in the illustration below.

A common mistake is to click on the cross at the top of the NX™ window. That gives two options: "Disconnect" and "Terminate".

Terminating is OK since it has the same effect as logout. Disconnecting leaves the session and all programs inside it running on the GM/CA @ APS computer. We then have to kill them after your beamtime has ended, which may corrupt files opened by the applications.
 
Q:Are there any other known problems?
A:If a Windows computer has Cygwin installed and the cygwin.dll is in the system path, that may cause a conflict with the NX™ client installation. Upgrading Cygwin and NX™ to their latest versions usually fixes the problem. Alternatively, remove the Cygwin directories from the system path.

 
Q:Are there any alternatives to NX™?
A:You may try to use TeamViewer™. Read our TeamViewer™ guide.
 
Q:How can I start/use Pilatus or Eiger software when I am remote?
A:Indeed, Pilatus software runs on a separate computer. Pilatus and Eiger servers have no graphical interface and you do not need to see their output. Simply click on the detector icon in the panel area at the top of the screen:

and make sure a new minimized terminal window has opened.
 
Q:Coot or Pymol fails to start in an NX session. What is wrong?
A:Coot and Pymol use the OpenGL capability of X11 provided by the graphics driver. Depending on the computer where the NX™ client is running, this capability may or may not be supported. If they fail to start, try setting the LIBGL_ALWAYS_INDIRECT environment variable:
export LIBGL_ALWAYS_INDIRECT=1
Then try to start Coot or Pymol again from the same terminal window.
 
Q:How can I offload my data?
A:You need to use either Globus Online, or SCP/SFTP, or bbcp, or FDT. Among these tools, Globus Online, bbcp, and FDT may be 2-3 times faster than SCP/SFTP for bulk transfers, but they may suffer from firewall blockages as they use multiple TCP ports. If you face such a blockage, you need either to resolve it with the network administrator at your institution or to revert to the more conservative SCP/SFTP, which uses the standard port 22.
Globus Online is basically a gridFTP service with a convenient web browser interface developed by several US research institutions including Argonne. It is between 2x and 3x faster than SCP, which is a considerable advantage for transferring large amounts of data in spite of the one-time setup effort and limited sync capability (support for continuous sync is in progress). If you are interested in this free service, please check the details in our Globus Online User Guide.
Unlike Globus, bbcp and FDT do not require creating any additional accounts while being equally fast. However, they do not have rsync capability and the command line syntax is somewhat cumbersome.
All data transfers use a dedicated workstation blXws5 (X=1 for 23ID-D and X=2 for 23ID-B). It is accessible from the declared IP domains during your beamtime and for two extra days after the beamtime has ended. In principle, blXws6 may also be used for SCP/SFTP only, but the primary task of that workstation is data processing and it is only available during beamtime. You may use any SCP/SFTP client available for your platform that supports SSH2, but clients that preserve file time stamps are preferred. Among command line clients, rsync and openssh are perhaps the most commonly used. Both are included with Linux and MacOS, while on Windows they are available with Cygwin. The command lines for transferring data with rsync and openssh will look like this (these should be executed on a computer in your lab):
rsync -avz -e ssh username@blXws5.gmca.aps.anl.gov:/remote/dir /my/local/dir/
scp -rp username@blXws5.gmca.aps.anl.gov:/remote/dir /my/local/dir/
Among SCP/SFTP clients with a friendly graphical user interface you may try (listing these clients here does not mean our endorsement): Keep in mind that SCP works faster than SFTP, but in general SFTP/SCP are not very fast data transfer protocols. In some cases shipping an external hard drive along with your samples might be a better option.
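The rsync command above can be wrapped so that an unattended transfer never exceeds the three-attempt limit given in the "Authentication failed" answer. This is an added example, not GM/CA code; the function and variable names and the retry delay are assumptions made for the sketch.

```sh
#!/bin/sh
# Added example, not GM/CA code. run_capped, pull_data, MAX_TRIES and
# RETRY_DELAY are names chosen for this sketch.
MAX_TRIES=3                        # the FAQ's limit on login attempts
RETRY_DELAY=${RETRY_DELAY:-60}     # seconds between retries (assumed value)

# run_capped CMD [ARGS...]: run CMD at most MAX_TRIES times.
# ssh exits with 255 when the connection or login fails, and rsync and scp
# normally report the same status, so 255 ends the loop immediately:
# repeating a rejected login only adds to the failure count.
run_capped() {
    try=1
    while :; do
        rc=0
        "$@" || rc=$?
        if [ "$rc" -eq 0 ]; then
            return 0
        elif [ "$rc" -eq 255 ]; then
            echo "login or connection refused: stop and contact your host" >&2
            return 255
        elif [ "$try" -ge "$MAX_TRIES" ]; then
            echo "giving up after $try attempts (last status $rc)" >&2
            return "$rc"
        fi
        echo "attempt $try ended with status $rc, retrying" >&2
        try=$((try + 1))
        sleep "$RETRY_DELAY"
    done
}

# pull_data USER X REMOTE_DIR LOCAL_DIR   (X=1 for 23ID-D, X=2 for 23ID-B)
# NumberOfPasswordPrompts=1 makes each ssh run count as one login attempt;
# the OpenSSH default allows three password prompts per connection.
# --partial keeps partly transferred files so a retry can reuse them.
pull_data() {
    run_capped rsync -avz --partial \
        -e "ssh -o NumberOfPasswordPrompts=1" \
        "$1@bl$2ws5.gmca.aps.anl.gov:$3" "$4"
}

# Usage on a computer in your lab (placeholder arguments):
#   pull_data username 1 /remote/dir /my/local/dir/
```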
 
Q:How can I learn more about GM/CA @ APS remote access?
A:Study our Remote Operations Manual for Users. Also, check our remote access video demo (please turn on the sound!).
 

 


GM/CA @ APS is an Office of Science User Facility operated for the U.S. Department of Energy Office of Science by Argonne National Laboratory
