Some applications on our systems (e.g Matlab) have a graphical user interface. To be able to display windows from an application running on an NSC system on your own computer, you need two things:
-Xoption to ssh, e.g
ssh -X firstname.lastname@example.org.
Note: For better performance when running graphical applications, we recommend using ThinLinc (See below) - a remote desktop/visualization software.
Note: Thinlinc is only available on Triolith and Gamma.
ThinLinc is a remote desktop solution from Cendio Systems. See the Cendio website for a complete description.
By running the X server on a server in the cluster (i.e closer to your application) and using an efficient method for delivering the image to your local computer (VNC-based), most graphical applications will run significantly better than when using X-forwarding tunneled through SSH.
ThinLinc can also make use of a graphics card in the ThinLinc server to provide hardware acceleration to OpenGL applications (e.g VMD, Maestro, Gaussview).
Here are some use cases:
Using accelerated OpenGL applications
Perhaps you want to run a graphical user interface (GUI) that is using OpenGL (e.g VMD) to visualize data that is located at NSC. Rather than moving a large amount of data to your local computer and visualize it there, you can run the GUI directly on an NSC system and display the window on your computer with much better results (higher framerate etc) than using traditional X-windows tunneling through SSH.
Modern GUIs that do not run well using X-forwarding
Certain graphical user interfaces are implemented with no regard for performance when tunneled through SSH on a connection with high latency, and will be more or less unusable. Since ThinLinc presents a local X server to the application (with almost zero latency) and handles the transportation of the graphics data invisible to the application, it can perform much better for these types of applications.
The ThinLinc client can be downloaded for free from http://www.cendio.com/downloads/clients/. It is available for Windows, Mac OS X, Linux and Solaris.
To use ThinLinc to connect to Triolith:
Download the client matching your local computer (i.e Windows, Linux, MacOS X or Solaris) and install it.
Start the client.
Change the "Server" setting to "triolith-thinlinc.nsc.liu.se" (Do NOT use "triolith.nsc.liu.se", it will only work under certain conditions).
Change the "Name" setting to your Triolith username (e.g x_abcde).
You do not need to change any other settings.
Enter your Triolith password in the "Password" box.
Press the "Connect" button.
The first time you connect, you will get a message saying "The server's host key is not cached...". Verify that the server key for triolith-thinlinc.nsc.liu.se is "4d:66:25:46:82:a9:1c:bc:8c:04:77:b9:b0:6b:64:8b", then press Continue.
After a few seconds, a window with a simple desktop session in it will appear. From the Applications menu, start a Terminal Window. You are now logged in to Triolith and can submit jobs, start interactive sessions, start graphical interfaces as usual.
Please note that all Triolith applications are available on the ThinLinc server, not just the ones listed in the Application menu.
To log out end end your session, click the green "running man" icon to the right of the Applications menu and select Logout.
The default session is a fullscreen session (will cover your entire screen). If this is not what you want, you can change it in the ThinLinc client settings. Click Options, select the Screen tab and deselect Full Screen Mode. You will then get a window with your Triolith desktop inside it, which you can resize to whatever size you want.
In most cases you also want to disable the session option "send system keys". This option is on by default, and it means that "system keys" (e.g Alt-Tab, Cmd-Tab etc) are sent to the ThinLinc server and not to your local computer while the ThinLinc session is running.
Instructions are similar to Triolith except you need to change the server setting to "gamma.nsc.liu.se" and use your Gamma account to login. Please also notice that gamma.nsc.liu.se's server key is "fb:ba:04:38:7b:7c:f4:c0:8c:d0:69:ef:66:77:47:dc".
If you use SSH public key authentication to login to Triolith you need to do this to use this method also for ThinLinc:
Start the ThinLinc client
In the "Security" tab, Change "Password" to "Public key"
The "Password" box has now changed to "Key". Click the browse button to the right of the Key field and select your SSH private key file (or enter the path to your key directly)
Press the "Connect" button.
Enter the passphrase for your SSH private key (if you don't have one, you really should…)
Note: you will need to enter your SSH key passphrase each time you log in. This is due to the ThinLinc client not being integrated with the Linux ssh-agent.
If you want to use SSH keys loaded into ssh-agent to connect to ThinLinc, you can do that by modifying your ThinLinc client.
The method described below is unsupported by Cendio and NSC. Use it at your own risk. However, it's unlikely that anything can go wrong that you cannot fix by reinstalling the ThinLinc client.
This has been tested on Ubuntu Linux running the ThinLinc client version 4.1.1, but it will probably work with other Linux distributions and ThinLinc client versions. Note: you will have to re-apply this fix every time you upgrade the ThinLinc client.
If you use this fix, the ThinLinc client will use any keys from your ssh-agent to log in regardless of whether you have specified password or public key login in the client settings. Recommendation: set client to use password and don't enter anything into the password box.
To apply the fix, run the following as root on your Linux client:
mv /opt/thinlinc/lib/tlclient/ssh /opt/thinlinc/lib/tlclient/ssh.real cat > /opt/thinlinc/lib/tlclient/ssh <<"EOF" #! /bin/sh # SSH wrapper for ThinLinc client to enable using keys loaded into # ssh-agent to be used TLSSHARGS="$*" # Only try to use this method if an ssh-agent is actually running if [ "$SSH_AGENT_PID" != "" ] ; then SSH_AUTH_SOCK="$MY_SSH_AUTH_SOCK" if [ -S "$SSH_AUTH_SOCK" ] ; then TLSSHARGS="`echo "$*" | sed s/\-o\ PubkeyAuthentication=no//`" fi fi # Run the real SSH client exec $0.real $TLSSHARGS EOF chmod 755 /opt/thinlinc/lib/tlclient/ssh mv /opt/thinlinc/bin/tlclient /opt/thinlinc/bin/tlclient.real cat > /opt/thinlinc/bin/tlclient <<"EOF" #!/bin/bash # ThinLinc client wrapper to enable using SSH keys loaded into # ssh-agent for authentication. # # Since ThinLinc will unset $SSH_AUTH_SOCK, we need to save the value # of it into another variable. export MY_SSH_AUTH_SOCK="$SSH_AUTH_SOCK" # Launch the real ThinLinc client exec $0.real $* EOF chmod 755 /opt/thinlinc/bin/tlclient
In order to make use of hardware-accelerated OpenGL, the application needs to be launched in a certain way.
Some applications have already been modified to do this automatically. The applications listed below will automatically be accelerated when run from ThinLinc, so you just need to start them manually.
GaussView (e.g "module add gaussview/5.0.9; gv")
VMD (e.g "module add vmd/1.9.1; vmd")
Maestro (e.g "module add schrodinger/2012u1-nsc; maestro")
VESTA (e.g "module add vesta/3.1.3; vesta")
All other OpenGL applications needs to be launched using "vglrun", e.g "vglrun SOME_OPENGL_APPLICATION".
Please note that in order to use accelerated OpenGL with ThinLinc we had to make changes that sometimes prevents using OpenGL applications over normal X-forwarding (using SSH).
If you login using SSH and cannot launch a graphical application, try using ThinLinc instead. You can also try
LD_PRELOAD=/usr/lib64/libGL.so <application>, this will enable software emulated OpenGL which will allow the application to run but with reduced graphical performance.
If you close your ThinLinc client or explicitly disconnect, your session on Triolith will still be running, and you will automatically be reconnected to that session the next time you login to ThinLinc.
If you will not be using ThinLinc for a few days, we recommend logging out (using the green "running man" logout icon in the ThinLinc desktop).
NSC reserves the right to log out sessions that have been idle for a significant time. Also, if a login node is rebooted, all ThinLinc sessions on that node will be logged out.
If you have no current ThinLinc session, your next one will be on the login node with the lowest load. You can not control which server your next session will use. If you need to access the other login node, login to it using SSH (e.g "ssh triolith2").