This guide shows us how to connect to the compute node via SSH and a graphical connection using VNC.
- Lumerical-AWS integration configuration is required.
- Obtain your compute node's Public IP address. See the AWS documentation: Obtaining your EC2 instance IP Address from the AWS management console for details.
- The VNC server is configured and started on all compute instances automatically, but it is not accessible from outside of the virtual private cloud.
- To gain access, you must either use tunneling via SSH (recommended and secure option) or manually allow inbound network traffic on TCP port 5900 (insecure).
Allowing VNC access
>>> import lumerical.sws
>>> lumerical.aws.start_compute_instance(name='NAME', num_instances=NODE_COUNT, vnc_password='VNC_PASSWORD')
has an optional argument "VNC_PASSWORD" that will be set on all newly started compute instances to allow VNC access.
- The password must be all ASCII characters.
- If no password is specified, the VNC server will use the WORKGROUP_ID as the VNC password.
- The VNC password used is shown on the report once the nodes are launched and running.
Using an SSH Tunnel
Using SSH tunneling (e.g port forwarding) is the recommended and most secure way to use VNC to access the compute instances in a virtual private cloud. Once the tunneling is in place, you can use a VNC viewer and connect to your "local host" at port 5900.
Connect to "localhost:5900" and Do Not Connect directly to the IP address of the node.
Configure SSH tunneling
- Download and Install Putty from the Putty download page. It is recommended to install the entire suite.
- To access via VNC (optional), download and install VNC Viewer from RealVNC viewer download page.
- To use VNC viewer we must first create a private key, using PuttyGen
Generate Private Key
- Run PuttyGen
- Load your AWS keypair (.pem), which you created in the configuration section.
- Under Type of key to generate, choose SSH-2 RSA.
- Choose “Save Private Key” without a passphrase, and save it in a secure location as (.ppk) file
- Under the Host Name (or IP Address) enter "ec2-user@Public_IP" of the first compute node instance reported by the command,
- Under "Session", choose SSH as the connection type and 22 as the port
- Under Connection > SSH > Auth
- Check "Display pre-authentication banner"
- Uncheck "Bypass authentication entirely"
- Click "Browse" and load the private key (.ppk) file generated with PuttyGen.
- Adding a tunnel,
Connection > SSH > Tunnel
- Use 5900 for the Source Port
- Enter localhost:5900 for the Destination and choose Local and Auto options
- "Add" this tunnel to Putty
- Under "Session", enter your "desired session name" and click "Save" to save your correct SSH/tunnel configuration in Putty.
It is sometimes more useful to connect to the head computing node through VNC to closely monitor the status of a job, or to manually start a single large job.
- Connect via Putty as shown above.
- Open VNC Viewer
- Enter localhost:5900 as the VNC server address, and “Connect”
- The viewer will prompt you for a password.
- Use the password you used when launching your compute nodes.
- If you did not enter any vnc_password, please check the compute node's status and the vnc_password will be the workgroup_ID shown on the status report.
- Your local Linux workstation, should come with openSSH.
- You will be using the keypair created on the configuration section.
- Open an SSH tunnel for port 5900
$ ssh -L 5900:localhost:5900 -N -f -l ec2-user -i keypair.pem <public_IP>
- ec2-user: default root user created by AWS for Linux instances.
- keypair.pem: keypair created in the configuration section.
- PUB_IP: public IP address of your instance.