• Manuals

Browse the manual

• Introduction
  • System requirements
  • Licensing
  • CLC Genomics Server
• Installation
  • Quick installation guide
  • Installing and running the Server
    • Installing the Server software
  • Installation modes - console and silent
  • Upgrading an existing installation
    • Upgrading between major versions
  • Allowing access through your firewall
  • Downloading a license
    • Download a static license on a non-networked machine
  • Starting and stopping the server
    • Microsoft Windows
    • macOS
    • Linux
• Basic configuration
  • Logging into the administrative interface
  • Server display name
  • Adding locations for saving data
    • CLC Server File System Locations
    • Reference data management
    • Enabling and disabling internal compression of CLC data
  • Changing the listening port
  • SSL and encryption
    • Client-server encrypted communication
    • Logging in using SSL from a CLC Workbench
    • Logging in using SSL from the CLC Server Command Line Tools
    • Master-job node encrypted communication
    • Master-grid node encrypted communication
  • Changing the tmp directory
    • Job node setup
  • Setting the amount of memory available for the JVM
  • Limiting the number of cpus available for use
  • HTTP settings
  • External network connections
  • Proxy settings
• Searching the web client
• Managing users and groups
  • Changing the root password
  • User authentication for the CLC Server
    • Giving users administration rights
    • LDAP directory
    • Active Directory
    • Built-in authentication
• Access privileges and permissions
  • Controlling group access to CLC Server data
    • Setting permissions on folders
    • Technical notes about permissions and security
  • Controlling access to the server, server tasks and external data
• Job processing
  • Introduction to servers setups
  • Model I: Master server with dedicated job nodes
    • Overview: Model I
    • User credentials on a master-job node setup
    • Configuring a job node setup
    • Installing Server plugins on job nodes
  • Model II: Master server submitting to grid nodes
    • Overview: Model II
    • Requirements for CLC Grid Integration
    • Technical overview
    • Setting up the grid integration
    • Configuring the master node for a grid setup
    • Licensing of grid workers
    • Configuring licenses as a consumable resource
    • Configuring grid presets
    • Controlling the number of cores utilized
    • Multi-job processing on grid
    • Other grid worker options
    • Testing a Grid Preset
    • Client-side: submitting CLC jobs to the grid
    • Grid Integration Tips
    • Understanding memory settings
  • Model III: Single Server setup
  • Workflow settings
    • Workflow distribution options
    • Choosing a workflow distribution option
    • Intermediate workflow result handling
• Working with external data locations
  • Import/export directories
  • Direct data transfer from client systems
  • AWS Connections in the CLC Server
  • AWS S3 public buckets
  • Browse AWS S3 locations
  • Illumina BaseSpace
• Working with CLC Server File System Locations
  • Browsing CLC Server File System Locations
  • Searching CLC Server File System Locations
• Workflows
  • Installing and configuring workflows
  • Executing workflows
  • Updating workflows
  • Reference data in server workflows
• BLAST databases
• Status and management
  • Downloading a license via the web interface
  • Server maintenance
  • User statistics
  • System statistics
• Queue
• Audit log
• Server plugins
• External applications
  • External application configurations
    • Configuring the containerized execution environment
  • Configuring external applications
    • Editing external applications
    • External command
    • High-throughput sequencing import / Post-processing
    • Stream handling
    • Failure strategy
    • Environment
    • End user interface
    • Management
  • Using consistent reference data in external applications
  • Import and export of external application configurations
  • Updating external application configurations
  • Example: Velvet (standard external application)
    • Installing Velvet
    • Running Velvet from the Workbench
    • Understanding the Velvet configuration
  • Example: Bowtie (standard external application)
    • Installing Bowtie
    • Understanding the Bowtie Map configuration
    • Tools for building index files
  • Example: Kraken2 (containerized external application)
    • Extending the Kraken2 external application for paired data
  • Example: MAFFT (containerized external application)
  • External applications in workflows
  • Running external applications
    • Using a CLC Workbench to launch external applications
    • Using CLC Server Command Line Tools to launch external applications
  • Troubleshooting external applications
• CLC Genomics Cloud Access
• Recycle bins
  • Automatic cleanup of recycle bins
  • Emptying and restoring data from recycle bins
  • Recycle bin restrictions
• Configuring CLC Workbench connections
• Troubleshooting
  • Check setup
  • Bug reporting
• Command line tools
• Analysis automation
• Appendix
  • Use of multi-core computers
  • Non-exclusive Algorithms
  • DRMAA libraries
    • DRMAA for SLURM
    • DRMAA for LSF
    • DRMAA for PBS Pro
    • DRMAA for OGE or SGE
  • Consumable Resources
  • Server system communication diagrams
  • Third party libraries
  • Read Mapper Reference Caching
  • Monitoring
    • Setting up JMX monitoring
    • Completed process metrics
    • Process execution metrics
    • Job node metrics
• Bibliography

Controlling access to the server, server tasks and external data

Access to the various aspects of the CLC Server can be controlled using settings under the Global permissions tab (figure 6.5), found at:

        Configuration () | Global Permissions ()

To edit permissions, click on a heading and then click on an Edit Permissions button. When the option Only authorized users from selected groups is selected in the edit dialog, access can be granted to or removed from groups as relevant (figure 6.6).

Figure 6.5: Access to many aspects of the CLC Server can be controlled using settings under the Global permission tab.

Figure 6.6: Permissions can be granted to or removed from individual groups.

The sections under the Global permissions tab are described below, grouped by the general area they pertain to.

Restricting access to the CLC Server

By default, all users with access to the CLC Server can log in, and can use any client software to do so. Restrictions are available at two levels :

• Login restrictions Restrict login to the CLC Server by any route to only members of specified groups.

• Client access Restrict access to the CLC Server at a per-CLC client level (CLC Workbench, CLC Server Command Line Tools or web client).

  Notes:

  • By default, all authorized users can log into the CLC Server using any client type.
  • At minimum, the admin group must have access to the web client.
  • Access from a CLC Workbench or the CLC Server Command Line Tools can be entirely blocked by selecting the Only authorized users from selected groups option in the edit dialog and not selecting any groups.

  
  Figure 6.7: These settings allow any authorized to log into the CLC Server from a CLC Workbench. Only members of the admin and bioinf groups can log in using the CLC Server Command Line Tools, and only members of the admin group can log in using the web client.

Extending access to administrative tasks

By default, non-administrative users logged into the web client have access only to the Element info tab. Access to some administrative functionality can be granted using the settings described in this section.

• Web admin access Access to the following administrative functionality can be extended to members of non-admin groups (figure 6.8):
  • Audit log Grant access to work with the Audit log.

  • External applications Grant permissions to configure and administer external applications.

  • Queue Grant access to the Queue tab, where the list of processes queued or running on the CLC Server can be seen. This also grants permission to cancel queued or running jobs.

  • Workflows Grant permissions to install and administer workflows on the CLC Server.

    
    Figure 6.8: Access to some administrative functionality can be granted to members of non-admin groups.

Restricting access to analysis functionality

• Algorithms Restrict access to individual tools (figure 6.9).

  Enter a term in the search field just below the section heading to list only tools with names containing that term.

  
  Figure 6.9: By default, all authorized users have access to all tools. Here, access to the Amino Acid Changes tool has been limited to members of the admin and bioinformaticians groups.

• Workflows Restrict access to workflows installed on the CLC Server and control who can submit workflows present on a CLC Workbench for execution on the CLC Server.

  Server-installed workflows Each workflow installed on the CLC Server is listed, with access to each configured individually (figure 6.10).

  Other workflows By default, any workflow installed on a CLC Workbench or launched from the workflow editor in the CLC Workbench can be run on the CLC Server by any authorized user. This can be restricted by limiting access to the Server Execution of Workbench Workflows workflow. That workflow is used by the system when a Workbench workflow is run on the server.

  
  Figure 6.10: With these settings, all authorized users are allowed to run the Copy of Prepare Raw Data v0.1 workflow. Only members of the bioinf group can run the Copy of De Novo Assemble Long Reads and Polish with Short Reads v0.1 workflow. Only members of the testers group can run Workbench workflows on the CLC Server.

• External applications Restrict access to available External Applications. Access to each external application can also be configured under the Management tab for that application (see Editing external applications).

Restricting access to non-CLC data and systems

• Import/export directories Restrict access to file system areas configured as import/export directories.

• AWS Connections Restrict access to AWS Connections.

Restricting access to computational resources

• Grid presets Restrict access to grid presets.

  Relevant only for setups with grid nodes.

  Note: Grid presets are identified by name. Changing a grid preset's name under the Job processing tab, in effect, creates a new preset. Any relevant restrictions must be configured for this new preset. (Access permissions on the old preset are not copied automatically to the new preset.)

• Cloud presets Restrict access to cloud presets.

  Relevant only where the Cloud Server Plugin is installed and an AWS Connection has been configured for accessing an AWS account with CLC Genomics Cloud resources in place. To use a cloud preset, a user must have access to the cloud preset as well as to the AWS Connection configured in that preset.

---