Update Remote Access server docs
This commit is contained in:
@ -41,25 +41,21 @@ local computer and merlin.
|
|||||||
|
|
||||||
Two servers are enabled for exporting data from Merlin to outside PSI.
|
Two servers are enabled for exporting data from Merlin to outside PSI.
|
||||||
These Remote Access Merlin servers are the following:
|
These Remote Access Merlin servers are the following:
|
||||||
* **'ra-merlin-01.psi.ch'**: standard password authentication (with PSI password)
|
* **'ra-merlin-01.psi.ch'**
|
||||||
* `/data/user` mounted in RO (read-only)
|
* **'ra-merlin-02.psi.ch'**
|
||||||
* `/export` directory in RW (read-write). `/export` is also visible from login nodes.
|
Both servers have mounted the following Merlin filesystems:
|
||||||
* **'ra-merlin-02.psi.ch'**: ***Two factor authentication*** (2FA), required **RSA SecurID** token (same as VPN)
|
* `/data/project` directories mounted in RW on demand. Project responsibles must request it.
|
||||||
* `/data/project` directories mounted in RW on demand. Project responsibles must request it.
|
* `/data/user` mounted in RW (read-write)
|
||||||
* `/data/user` mounted in RW (read-write)
|
* `/data/experiment/mu3e` directories mounted in RW (read-write), except `data` (read-only mounted)
|
||||||
* `/export` directory in RW (read-write). `/export` is also visible from login nodes.
|
* `/export` directory in RW (read-write). `/export` is also visible from login nodes.
|
||||||
|
Access to the Remote Access server uses ***Multi factor authentication*** (MFA).
|
||||||
In the future, **'ra-merlin-01.psi.ch'** will be also configured with 2FA and will mount the same
|
Therefore, having the Microsoft Authenticator App is required as explained [here](https://www.psi.ch/en/computing/change-to-mfa).
|
||||||
as **'ra-merlin-02.psi.ch'**. In the meantime, we keep **'ra-merlin-01.psi.ch'** with standard authentication
|
|
||||||
until we can ensure that most of the Merlin users have a RSA SecurID token or until PSI security policy makes
|
|
||||||
its use mandatory. Using **'ra-merlin-02.psi.ch'** over **'ra-merlin-01.psi.ch'** is always recommended (2FA
|
|
||||||
is always more secure than standard authentication)
|
|
||||||
|
|
||||||
### Directories
|
### Directories
|
||||||
|
|
||||||
#### /data/user
|
#### /data/user
|
||||||
|
|
||||||
User data directories are mounted in RO on 'ra-merlin-01', and RW on 'ra-merlin-02'.
|
User data directories are mounted in RW on both 'ra-merlin-01' and 'ra-merlin-02'.
|
||||||
|
|
||||||
{{site.data.alerts.warning}}Please, <b>ensure proper secured permissions</b> in your '/data/user'
|
{{site.data.alerts.warning}}Please, <b>ensure proper secured permissions</b> in your '/data/user'
|
||||||
directory. By default, when directory is created, the system applies the most restrictive
|
directory. By default, when directory is created, the system applies the most restrictive
|
||||||
@ -97,7 +93,7 @@ Ensure to properly secure your directories and files with proper permissions.
|
|||||||
|
|
||||||
Optionally, instead of using `/export`, experiments with a Merlin project can request Read/Write or Read/Only access to their project directory.
|
Optionally, instead of using `/export`, experiments with a Merlin project can request Read/Write or Read/Only access to their project directory.
|
||||||
|
|
||||||
{{site.data.alerts.tip}}<b>Merlin projects can request direct access on 'ra-merlin-02.psi.ch'</b>
|
{{site.data.alerts.tip}}<b>Merlin projects can request direct access.</b>
|
||||||
This can be configured in Read/Write or Read/Only modes. If your project needs access, please,
|
This can be configured in Read/Write or Read/Only modes. If your project needs access, please,
|
||||||
contact the Merlin administrators.
|
contact the Merlin administrators.
|
||||||
{{site.data.alerts.end}}
|
{{site.data.alerts.end}}
|
||||||
|
|||||||
Reference in New Issue
Block a user