Safe User Guide

Hartree Centre Logo

Back to Contents Page

SAFE User Guide

The on-line Service Administration system is at URL external link: https://um.hartree.stfc.ac.uk/hartree/login.jsp

SAFE is the principal method used to manage project and user accounts. It also lets you view resource usage and submit queries. Here we provide a step by step guide.

Quick Links

The SAFE front page has a "Login" form and a link to "Sign Up".

SAFElogin.jpg

Login

Type your username (this is your email address) and password into the form to log into the SAFE system. If you do not have a username and password you need to Sign Up.

What if I've forgotten my password? To reset your password, click the Email button to request a new password.

Sign Up

Complete the form with your details to apply for an individual user account. You will normally do this if you are part of an approved Hartree Centre Project and your Project Initiator (PI) has asked you to do so.

SAFEdetails2a.jpg

If any details were typed in incorrectly or they change, you have the ability to edit these details after you log in.

Please note: we require an Institutional email address. If you use, for example, a gmail address you will see a field error message in the field such as “Forbidden email address gmail

We do not now require a SSH Public Key as a form of authentication (see below for details) but if you do not add one a password will be required to log on. However, using SSH Keys is a more secure and easier way to log on.

This is where you will also agree to the STFC Acceptable Use Policy. The policy is described here: external link: http://www.stfc.ac.uk/aup

Once you submit the form you will be asked to accept the Terms and Conditions of Access.

Please read these Terms and Conditions. By clicking the 'I accept the Terms and Conditions of 
Access' button you will be entering into a contract with us. If you do not agree to these Terms 
and Conditions, we will not be able to register you or allow you to use the service. 

Before accepting the Terms and Conditions, please note: you can change any of the details you
have input by clicking your browser's BACK button and then editing them. You can also change 
them later by returning to this website. 
These Terms and Conditions are offered only in English. 

You may read the terms of the agreement here.

Note: There are now new Terms and Conditions which includes the provisions detailed in both the Hartree Centre Acceptable Use Policy and the Hartree Centre Data Collection Policy.

A copy of this document can be found at: external link: http://community.hartree.stfc.ac.uk/access/content/group/admin/Hartree%20Centre%20policies/HC_statement_on_user_registration.docx

Click the button to accept the Terms and Conditions of Access.

You will then be sent an email with your SAFE Web ID and password.

Each authorised user will be allocated a base user name identifier of the form xxxnn e.g. axb92 (if you have no middle initial an ‘X’ is used instead). This will be combined later with the Group ID for the Project you belong, to give an overall UserID of the form xxxnn-aaann e.g. axb92-xyz01.

Note that this ID can be used when accessing both the Blue Gene/Q and iDataPlex systems in conjunction with your SSH key. If the Project you have joined has only been granted access to the Blue Gene/Q, you will not be able to logon and use the iDataPlex. Your access to the SAFE interface will always be via your username (email address) and web password.

When you have obtained a password and logged in you will receive a welcome message and after continuing you may well be asked to change your Web password due to expiry. Enter the password supplied and then the new password you want to use.

You should enter the SAFE web page at the ‘Main’ menu page (see below).

SSH Keys

An SSH public/private key pair is like an electronic signature that can be used in lieu of a password. You keep your private key secret but share your public key. If your public key is stored in the correct place on a remote computer, such as one of the Hartree Centre systems, you can login automatically if you've configured your computer to use your private key, and you've given that key an empty (blank) passphrase. Your SSH public/private key pair is recorded in the SAFE system. It is also used to generate the ~/.ssh/authorized_keys file, which is required for you to be able to login to Hartree Centre systems. You can manually add additional public keys to this file if you like (make sure they are on separate lines). For example, you may be logging in from multiple clients and be using a different ssh key pair on each client. MAKE SURE YOU TAKE A BACKUP before editing this file in any way!

On Windows

You can use PuTTYgen to create your key and PuTTY to access the systems. Alternatively, you could use Cygwin and follow the instructions below in the section "On Linux".

These instructions relate to PuTTYgen. First, download PuTTY and PuTTYgen from external link: external link: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and install them.

  1. Start PuTTYgen.
  2. Check that SSH-2 RSA is checked.
  3. The minimum ‘Number of bits’ is 1024 but you can change this number to 2048 for increased security by typing this number in the ‘Number of bits in a generated key’ box at the bottom of the window.
  4. Press ‘Generate’.
  5. Move your mouse randomly in the small screen in order to generate the key pairs.
  6. A key comment will be generated, which will identify the key (useful when you use several SSH keys).
  7. You can choose to enter a passphrase which has to be confirmed. The passphrase is used for extra protection for your key. You will be asked for it when you connect via SSH.
  8. Click “Save public key” to save your public key. Give it a meaningful name.
  9. Click “Save private key” to save your private key. You could give it the same name as the public key, but suffixed with "priv" to show that they are part of a pair. For example, if you called the public key "mykey", call the private key "mykey_priv". Make a note of the public key filename, as you will need it when logging in to the Hartree Centre systems.
  10. At the top of the PuTTYgen window, you will see a box containing the public key. It is a long string of characters beginning with "ssh-rsa" (assuming you didn't change the key type). Highlight the entire string and press CTRL+C (or right click, and Copy).
  11. Go to the field "SSH Public key" in the SAFE sign up page and paste in the Key using CTRL+V, (or right click, and Paste) or click the ‘Browse’ button and navigate to the public key file (e.g. mykey.txt).

Note that when you use PuTTY to access the Hartree Centre systems, you will need to ensure that it knows to use your SSH key. We provide instructions on this here under section 5.

You can see a small movie of using PuTTYgen external link: here

On Linux and Mac OSX

You can create an ssh key pair in a terminal window as follows: Use the ssh-keygen utility to create your key. For a 2048 bit RSA key do:

$ ssh-keygen -t rsa

For increased security you can make an even larger key with the -b option. For example, for 4096 bits do: $ ssh-keygen -t rsa -b 4096

  1. When prompted, you can press Enter to use the default location (/home/your_username/.ssh/id_rsa on Linux, or /Users/your_username/.ssh/id_rsa on Mac) if you don't already have a key installed, or specify a custom location if you are creating a second key (or just want to for whatever reason).
  2. You can choose to enter a passphrase at the prompt or just hit enter (twice) to leave the passphrase blank. Using a passphrase is more secure, but you will need to type it in each time you make a connection using this key pair. This is just a password used to unlock your key. If someone else gets a copy of your private key they will be able to log in as you on any account that uses that key, unless you specify a passphrase. If you specify a passphrase they would need to know both your private key and your passphrase to log in as you.
  3. Your private key should now be in the location you specified, and your public key will be at that same location but with '.pub' tacked onto the filename.
  4. Change to the directory containing your public key and display the key by typing

cat id_rsa.pub

5. Highlight and copy the entire string beginning "ssh-rsa"

6. Go to the field "SSH Public key" in the SAFE sign up page and paste in the Key using CTRL+V, (or right click, and Paste).

Please Note: at the time of creating a UserID, we use the most recent SSH Key. Additional keys that are uploaded to SAFE will not be updated automatically so if you want to use a different Key after the UserID is created you must tell us via an email to hartree@stfc.ac.uk.

See also Section 5 of this guide under SSH Keys.

Main Page

SAFEMain.jpg

This menu displays information such as “Your details” and information about your project and group. There are also various buttons to allow you to ‘Request Join Project’, ‘Compose’ a new helpdesk query and ‘View’ current and recent helpdesk queries.

Finally, if you have joined a Project, you can ‘Go To The Report Generator’ which allows you to generate reports from the Hartree service usage data for any projects you manage and for your own user accounts. These are explained in more details below.

New Users must join a project to get a user account.

View user mailings

This allows you to select mailings from Project Managers.

Your details

These are the contact details you supplied on sign up. There are also buttons to allow you to ‘update’ these details, update Email Address and ‘Change Web Password’.

Request project membership

By clicking on ‘Request Join Project’ you can request to join a project. Choose a Project from a drop down menu and enter the signup password for the Project. This signup password will have been supplied to you by the PI of the Project. Click on ‘Request’ to obtain a UserID. It will then be the responsibility of your PI to ‘process’ and accept your request.

Current and recent helpdesk queries

The ‘View’ button produces a page showing a table containing just your current queries but all your queries can be displayed if required. Clicking on the ID number shows more information.

Once you have joined a Project, other boxes will be present.

Your user account

SAFEaccounts.jpg

You can view your Username(s), Machine and Status. An account with status New is waiting for approval from a project manager. An account with status Pending has been approved but has not yet been created.

For ‘Active’ users, clicking ‘View’ takes you to a page where you can request a New Password, View your machine password (requires web password) and add an additional certificate.

Reporting

SAFEreporting.jpg

This allows you to generate reports from the Hartree service usage data for the projects you manage and for your own user accounts. Click on the ‘Go To The Report Generator’ button to see reports that you may run. (These are the reports that you may currently run on the accounting database).

PI Perspective

In addition to the above, there will be other options if you are a project PI such as a box showing which Projects you manage and a button to ‘Administer’ this account

When a user joins your Project you will see an extra box.

SAFEproject.jpg

Click the ‘Process’ button to accept or reject the new user.

Once this has been completed, click the ‘Administer’ button to bring up a page which shows you details of the project, such as PI and Description, which can be ‘updated’.

SAFEadmin.jpg

A list of Groups within the Project is also shown and buttons are available for:

  • Project Group Administration

Project groups are arranged in a tree structure. By default there is a root project-group that represents the project as a whole. Each member of your project has one UNIX account for each group they are a member of. Use this page to ‘Add New’ Group and to add or remove additional managers for project groups.

Clicking on any Group allows you to create new accounts and so give people access to the resources in groups. Click ‘Add Accounts’, choose a user from the drop down menu (you only see those that you have approved when joining the Project) and click ‘Create’.

  • Manage Project Resources

Projects have a limit to the amount of service-machine runtime they can use. This 'time budget' is measured in Allocation-Units (AU). You can move AUs from your initially created ‘reserve budget’ into your project's main budget, or into the budget of any of your subgroups. Disk quotas can be managed on a per user basis, or by group.

If you have any difficulties, please contact the helpdesk at hartree@stfc.ac.uk or phone the Partner Support Helpdesk on +44(0)1925 603444