This page was translated by an AI (LLM) with a cursory human check and is awaiting full review.
Declaration of login machines
Any machine used to access an IDRIS supercomputer must be registered in the IDRIS filters.
To do this, every user must provide, when requesting the creation of a computing account, the list of machines from which they will connect to the IDRIS supercomputer (IP addresses and names).
Adding/removing a login machineβ
The update (addition/removal) of the list of machines associated with an account can be requested by its owner using the Account Management Form. This form must be completed and signed by the user and the laboratory security officer, then sent to gestutil@idris.fr.
The declared IP addresses must be institutional IP addresses. Personal IP addresses are not allowed to connect to IDRIS machines.
Laboratory security officerβ
The laboratory security officer is the network/security contact person for the laboratory with respect to IDRIS. They must ensure that the configuration of the machine from which the user connects to IDRIS complies with the latest rules and practices in IT security and must be able to immediately close the user's access to IDRIS in case of a security alert.
Their name and contact details are sent to IDRIS by the laboratory management using the Account Management Form. This form is also used to inform IDRIS in case of a change of security officer.
How to access IDRIS while teleworking or on a mission?β
For security reasons, we cannot allow access to IDRIS machines from non-institutional IP addresses. For example, it is not possible to connect directly from your personal connection. In this case, you will need to use a VPN or go through a jump host managed by your laboratory's security officer.
Using a VPNβ
The recommended solution for accessing IDRIS resources when you are mobile (teleworking, on a mission, etc.) is to use the VPN (Virtual Private Network) service of your laboratory/institute/university. A VPN allows you to access remote resources as if you were connected directly to your laboratory's local network. It is still necessary to register the IP address assigned to your machine by the VPN by following the procedure described above.
This solution has the advantage of making it easier to use IDRIS services accessible via a web browser, such as the extranet or JupyterHub.
Using a jump hostβ
If using a VPN is not possible, you can still SSH into a jump host in your laboratory, from which Jean Zay is accessible (which implies having registered the IP address of this jump host).
vous@ordinateur_portable:~$ ssh login_rebond@machine_rebond
login_rebond@machine_rebond:~$ ssh login_idris@machine_idris
Note that it is possible to automate the jump via the ProxyJump options of SSH to be able to connect using a single command (for example ssh -J login_rebond@machine_rebond login_idris@machine_idris).
How to access IDRIS occasionally from abroad?β
The request for machine authorisation must be made by the missionary who completes the 2nd box on page 3 ("Box to be completed in case of a stay abroad") of the Account Management Form. A ssh temporary access on all the centre's machines is then activated.