• Manuals

Browse the manual

• Introduction
  • System requirements
  • Licensing
  • CLC Genomics Server
• Installation
  • Quick installation guide
  • Installing and running the Server
    • Installing the Server software
  • Installation modes - console and silent
  • Upgrading an existing installation
    • Upgrading between major versions
  • Allowing access through your firewall
  • Downloading a license
    • Download a static license on a non-networked machine
  • Starting and stopping the server
    • Microsoft Windows
    • macOS
    • Linux
• Basic configuration
  • Logging into the administrative interface
  • Server display name
  • Adding locations for saving data
    • CLC Server File System Locations
    • Reference data management
    • Enabling and disabling internal compression of CLC data
  • Changing the listening port
  • SSL and encryption
    • Client-server encrypted communication
    • Logging in using SSL from a CLC Workbench
    • Logging in using SSL from the CLC Server Command Line Tools
    • Master-job node encrypted communication
    • Master-grid node encrypted communication
  • Changing the tmp directory
    • Job node setup
  • Setting the amount of memory available for the JVM
  • Limiting the number of cpus available for use
  • HTTP settings
  • External network connections
  • Proxy settings
• Searching the web client
• Managing users and groups
  • Changing the root password
  • User authentication for the CLC Server
    • Giving users administration rights
    • Authentication options
    • Managing users and groups using built-in authentication
  • User authentication via the Workbench for built-in authentication
• Access privileges and permissions
  • Controlling group access to CLC Server data
    • Setting permissions on folders
    • Technical notes about permissions and security
  • Controlling access to the server, server tasks and external data
  • Customized attributes on data locations
    • Filling in values
    • What happens when a clc object is copied to another data location?
    • Searching custom attributes
• Job processing
  • Introduction to servers setups
  • Model I: Master server with dedicated job nodes
    • Overview: Model I
    • User credentials on a master-job node setup
    • Configuring a job node setup
    • Installing Server plugins on job nodes
  • Model II: Master server submitting to grid nodes
    • Overview: Model II
    • Requirements for CLC Grid Integration
    • Technical overview
    • Setting up the grid integration
    • Configuring the master node for a grid setup
    • Licensing of grid workers
    • Configuring licenses as a consumable resource
    • Configuring grid presets
    • Controlling the number of cores utilized
    • Multi-job processing on grid
    • Other grid worker options
    • Testing a Grid Preset
    • Client-side: submitting CLC jobs to the grid
    • Grid Integration Tips
    • Understanding memory settings
  • Model III: Single Server setup
  • Workflow settings
    • Workflow distribution options
    • Choosing a workflow distribution option
    • Intermediate workflow result handling
• Working with external data locations
  • Import/export directories
  • Direct data transfer from client systems
  • AWS Connections in the CLC Server
  • AWS S3 public buckets
  • Browse AWS S3 locations
  • Illumina BaseSpace
• Working with CLC Server File System Locations
  • Browsing CLC Server File System Locations
  • Searching CLC Server File System Locations
    • Rebuilding the index
• Workflows
  • Installing and configuring workflows
  • Executing workflows
  • Updating workflows
• BLAST databases
• Status and management
  • Downloading a license via the web interface
  • Server maintenance
  • User statistics
  • System statistics
• Queue
• Audit log
• Server plugins
• External applications
  • External application configurations
    • Configuring the containerized execution environment
  • Configuring external applications
    • Editing external applications
    • External command
    • High-throughput sequencing import / Post-processing
    • Stream handling
    • Failure strategy
    • Environment
    • End user interface
    • Management
  • Using consistent reference data in external applications
  • Import and export of external application configurations
  • Updating external application configurations
  • Example: Velvet (standard external application)
    • Installing Velvet
    • Running Velvet from the Workbench
    • Understanding the Velvet configuration
  • Example: Bowtie (standard external application)
    • Installing Bowtie
    • Understanding the Bowtie Map configuration
    • Tools for building index files
  • Example: Kraken2 (containerized external application)
    • Extending the Kraken2 external application for paired data
  • Example: MAFFT (containerized external application)
  • External applications in workflows
  • Running external applications
    • Using a CLC Workbench to launch external applications
    • Using CLC Server Command Line Tools to launch external applications
  • Troubleshooting external applications
• CLC Genomics Cloud Access
• Recycle bins
  • Automatic cleanup of recycle bins
  • Emptying recycle bins
  • Recycle bin restrictions
• Configuring CLC Workbench connections
• Troubleshooting
  • Check setup
  • Bug reporting
• Command line tools
• Analysis automation
• Appendix
  • Use of multi-core computers
  • Non-exclusive Algorithms
  • DRMAA libraries
    • DRMAA for SLURM
    • DRMAA for LSF
    • DRMAA for PBS Pro
    • DRMAA for OGE or SGE
  • Consumable Resources
  • Server system communication diagrams
  • Third party libraries
  • Read Mapper Reference Caching
  • Monitoring
    • Setting up JMX monitoring
    • Completed process metrics
    • Process execution metrics
    • Job node metrics
• Bibliography

Client-server encrypted communication

HTTPS communication between client software and the CLC Server is supported out of the box using a self-signed certificate. A description of how this is done is below.

Note: When upgrading in place from the CLC Genomics Server 24.x or earlier, client-server encrypted communication is not enabled out of the box. Instructions are provided later in this section for enabling client-server communication on such setups.

Logging in from a CLC Workbench is described in Logging in using SSL from the Workbench.

Connecting using the CLC Server Command Line Tools is described in Logging in using SSL from the CLC Server Command Line Tools.

The web client for an SSL-enabled CLC Server can be accessed using HTTPS and the relevant port, e.g. https://<hostname>:8443.

Client-server encrypted communication enabled out of the box using self-signed certificates

A new installation of the CLC Server supports HTTPS communication between clients and the server out of the box using a self-signed certificate that comes with the distribution. That certificate can be found at conf/clc-server-self-signed.p12, under the installation directory of the CLC Server. The Tomcat configuration file conf/server.xml contains a valid, SSL enabled Connector using this certificate, configured for port 8443.

Thus, after installing the CLC Server, client software can connect using port 8443 and communication via that connection will be encrypted.

Note however that the hostname (Common Name) in that self-signed certificate is, by default, "CLC Server". That is, it will not match the hostname of the server. A user of client software, for example, a CLC Workbench, can choose to trust the certificate despite this, but we recommend updating the certificate with a matching hostname. This is easily done using "Create a self-signed certificate" option in the HTTPS Configuration tool, which is launched by clicking on the HTTPS Configuration... button under Job processing | Server settings | SSL and certificate management.

Important notes:

• Connections between the CLC Server and client software can still be made using port 7777. Connections using that port are not encrypted by default.
• When upgrading the CLC Server in place from version 24.x or earlier, HTTPS communication between client and server is not enabled out of the box because the Tomcat configuration file, conf/server.xml, is not overwritten when upgrading. To enable encrypted client-server communication using the self-signed certificate at conf/clc-server-self-signed.p12, add a relevant Connector to the Tomcat configuration file. This can be done easily using the HTTPS Configuration tool, which is launched by clicking on the HTTPS Configuration... button under Job processing | Server settings | SSL and certificate management.
• Connector configuration syntax deprecated in Tomcat 9 is not recognized by the HTTPS Configuration tool. If you wish to update a certificate using functionality in that tool, first use the tool to edit the Tomcat configuration to update the Connector syntax to the expected form.

Configuring HTTPS communication between client and server when upgrading in place from version 24.x or earlier

When working on a system upgraded from version 24.x or earlier to 25.x or later, on a setup where encrypted communication is not already configured between client software and the CLC Server, carry out the following steps:

• If not already present, add a Connector that supports encrypted communication to the Tomcat configuration file, conf/server.xml.

  To do this, click on the HTTPS Configuration... button and choose the option "Edit Tomcat configuration".

  To easily add a new Connector of the expected form, click on the "Copy default SSL <Connector> configuration to clipboard" link near the top of the dialog and then paste the contents of the clipboard into the server.xml configuration file.

  If you are not using the self-signed certificate at conf/clc-server-self-signed.p12, you can click on the Include keystore file... button to add an X.509 certificate into the conf directory of the CLC Server installation.

• To use the self-signed certificate at conf/clc-server-self-signed.p12, update it with the correct hostname for the system. To do this, click on the HTTPS Configuration... button and choose the option "Create self-signed certificate". Ensure the correct hostname is in the "Hostname for certificate (Common Name)" field before clicking on the Create Certificate... button.

---