Obtaining Login Credentials

Obtaining Authorization

The computational resources of IT4I are allocated by the Allocation Committee to a Project, investigated by a Primary Investigator. By allocating the computational resources, the Allocation Committee is authorizing the PI to access and use the clusters. The PI may decide to authorize a number of her/his Collaborators to access and use the clusters, to consume the resources allocated to her/his Project. These collaborators will be associated to the Project. The Figure below is depicting the authorization chain:

Note

You need to either become the PI or be named as a collaborator by a PI in order to access and use the clusters.

Head of Supercomputing Services acts as a PI of a project DD-13-5. Joining this project, you may access and explore the clusters, use software, development environment and computers via the qexp and qfree queues. You may use these resources for own education/research, no paperwork is required. All IT4I employees may contact the Head of Supercomputing Services in order to obtain free access to the clusters.

Authorization of PI by Allocation Committee

The PI is authorized to use the clusters by the allocation decision issued by the Allocation Committee.The PI will be informed by IT4I about the Allocation Committee decision.

Authorization by Web

Warning

Only for those who already have their IT4I HPC account. This is a preferred way of granting access to project resources. Please, use this method whenever it's possible.

This is a preferred way of granting access to project resources. Please, use this method whenever it's possible.

Log in to the IT4I Extranet portal using IT4I credentials and go to the Projects section.

  • Users: Please, submit your requests for becoming a project member.
  • Primary Investigators: Please, approve or deny users' requests in the same section.

Authorization by E-Mail (An Alternative Approach)

In order to authorize a Collaborator to utilize the allocated resources, the PI should contact the IT4I support (E-mail: support[at]it4i.cz) and provide following information:

  1. Identify your project by project ID
  2. Provide list of people, including himself, who are authorized to use the resources allocated to the project. The list must include full name, e-mail and affiliation. Provide usernames as well, if collaborator login access already exists on the IT4I systems.
  3. Include "Authorization to IT4Innovations" into the subject line.

Warning

Should the above information be provided by e-mail, the e-mail must be digitally signed. Read more on digital signatures below.

Example (except the subject line which must be in English, you may use Czech or Slovak language for communication with us):

    Subject: Authorization to IT4Innovations

    Dear support,

    Please include my collaborators to project OPEN-0-0.

    John Smith, john.smith@myemail.com, Department of Chemistry, MIT, US
    Jonas Johansson, jjohansson@otheremail.se, Department of Physics, Royal Institute of Technology, Sweden
    Luisa Fibonacci, lf@emailitalia.it, Department of Mathematics, National Research Council, Italy

    Thank you,
    PI
    (Digitally signed)

Login Credentials

Once authorized by PI, every person (PI or Collaborator) wishing to access the clusters, should contact the IT4I support (E-mail: support[at]it4i.cz) providing following information:

  1. Project ID
  2. Full name and affiliation
  3. Statement that you have read and accepted the Acceptable use policy document (AUP).
  4. Attach the AUP file.
  5. Your preferred username, max 12 characters long. The preferred username must associate your surname and name or be otherwise derived from it. Only alphanumeric sequences, dash and underscore signs are allowed.
  6. In case you choose Alternative way to personal certificate, a scan of photo ID (personal ID or passport or driver license) is required

Warning

Should the above information be provided by e-mail, the e-mail must be digitally signed. Read more on digital signatures below.

Example (except the subject line which must be in English, you may use Czech or Slovak language for communication with us):

    Subject: Access to IT4Innovations

    Dear support,

    Please open the user account for me and attach the account to OPEN-0-0
    Name and affiliation: John Smith, john.smith@myemail.com, Department of Chemistry, MIT, US
    I have read and accept the Acceptable use policy document (attached)

    Preferred username: johnsm

    Thank you,
    John Smith
    (Digitally signed)

You will receive your personal login credentials by protected e-mail. The login credentials include:

  1. username
  2. ssh private key and private key passphrase
  3. system password

The clusters are accessed by the private key and username. Username and password is used for login to the information systems.

Change Passphrase

On Linux, use

local $ ssh-keygen -f id_rsa -p

On Windows, use PuTTY Key Generator.

Change Password

Change password in your user profile.

Certificates for Digital Signatures

We accept personal certificates issued by any widely respected certification authority (CA). This includes certificates by CAs organized in International Grid Trust Federation, its European branch EUGridPMA and its member organizations, e.g. the CESNET certification authority. The Czech "Qualified certificate" (Kvalifikovan√Ĺ certifik√°t) provided by PostSignum or I.CA, that is used in electronic contact with Czech authorities is accepted as well.

Certificate generation process for academic purposes, utilizing the CESNET certification authority, is well-described here:

Note

Certificate file can be installed into your email client. Web-based email interfaces cannot be used for secure communication, external application, such as Thunderbird or Outlook must be used. This way, your new credentials will be visible only in applications, that have access to your certificate.

If you are not able to obtain certificate from any of the respected certification authorities, please follow the Alternative Way bellow.

A FAQ about certificates can be found here: Certificates FAQ.

Alternative Way to Personal Certificate

Follow these steps only if you can not obtain your certificate in a standard way. In case you choose this procedure, please attach a scan of photo ID (personal ID or passport or drivers license) when applying for login credentials.

Warning

Please use Firefox (clone) for following steps. Other browsers, like Chrome, are not compatible.

  • Go to COMODO Application for Secure Email Certificate.
  • Fill in the form, accept the Subscriber Agreement and submit it by the Next button.
  • Type in the e-mail address, which you intend to use for communication with us.
  • Don't forget your chosen Revocation password.
  • You will receive an e-mail with link to collect your certificate. Be sure to open the link in the same browser, in which you submited the application.
  • Your browser should notify you, that the certificate has been correctly installed in it. Now you will need to save it as a file.
  • In Firefox navigate to Options > Advanced > Certificates > View Certificates.
  • Choose the Your Certificates tab and find the fresh certificate with today's date.
  • Select it and hit the Backup... button
  • Standard save dialog should appear, where you can choose a name for the certificate file for easy identification in the future.
  • You will be prompted to choose a passphrase for your new certificate. This passphrase will be needed for installation into your favourite email client.

Note

Certificate file now can be installed into your email client. Web-based email interfaces cannot be used for secure communication, external application, such as Thunderbird or Outlook must be used (instructions bellow). This way, your new credentials will be visible only in applications, that have access to your certificate.

Installation of the Certificate Into Your Mail Client

The procedure is similar to the following guides:

MS Outlook 2010

Mozilla Thudnerbird

End of User Account Lifecycle

User accounts are supported by membership in active Project(s) or by affiliation to IT4Innovations. User accounts, that loose the support (meaning, are not attached to an active project and are not affiliated with IT4I), will be deleted 1 year after the last project to which they were attached expires.

User will get 3 automatically generated warning e-mail messages of the pending removal:.

  • First message will be sent 3 months before the removal
  • Second message will be sent 1 month before the removal
  • Third message will be sent 1 week before the removal.

The messages will inform about the projected removal date and will challenge the user to migrate her/his data