• Manuals

Browse the manual

• Introduction
  • System requirements
  • Licensing
  • CLC Genomics Server
• Installation
  • Quick installation guide
  • Installing and running the Server
    • Installing the Server software
  • Installation modes - console and silent
  • Upgrading an existing installation
    • Upgrading between major versions
  • Allowing access through your firewall
  • Licensing the CLC Server
    • Configuring and checking online licensing
    • Downloading a license
  • Starting and stopping the server
    • Microsoft Windows
    • macOS
    • Linux
• Basic configuration
  • Logging into the administrative interface
  • Server display name
  • Adding locations for saving data
    • CLC Server File System Locations
    • Reference data management
    • Enabling and disabling internal compression of CLC data
  • Changing the listening port
  • SSL and encryption
    • Client-server encrypted communication
    • Logging in using SSL from a CLC Workbench
    • Logging in using SSL from the CLC Server Command Line Tools
    • Master-job node encrypted communication
    • Master-grid node encrypted communication
  • Changing the tmp directory
    • Job node setup
  • Setting the amount of memory available for the JVM
  • Limiting the number of cpus available for use
  • HTTP settings
  • External network connections
  • Proxy settings
• Searching the web client
• Managing users and groups
  • Changing the root password
  • User authentication for the CLC Server
    • Giving users administration rights
    • LDAP directory
    • Active Directory
    • Built-in authentication
• Access privileges and permissions
  • Controlling group access to CLC Server data
    • Setting permissions on folders
    • Technical notes about permissions and security
  • Controlling access to the server, server tasks and external data
• Job processing
  • Introduction to servers setups
  • Model I: Master server with dedicated job nodes
    • Overview: Model I
    • User credentials on a master-job node setup
    • Configuring a job node setup
    • Installing Server plugins on job nodes
  • Model II: Master server submitting to grid nodes
    • Overview: Model II
    • Requirements for CLC Grid Integration
    • Technical overview
    • Setting up the grid integration
    • Configuring the master node for a grid setup
    • Licensing of grid workers
    • Configuring licenses as a consumable resource
    • Configuring grid presets
    • Controlling the number of cores utilized
    • Multi-job processing on grid
    • Other grid worker options
    • Testing a Grid Preset
    • Client-side: submitting CLC jobs to the grid
    • Grid Integration Tips
    • Understanding memory settings
  • Model III: Single Server setup
  • Workflow settings
    • Workflow distribution options
    • Choosing a workflow distribution option
    • Intermediate workflow result handling
• Working with external data locations
  • Import/export directories
  • Direct data transfer from client systems
  • AWS Connections in the CLC Server
  • AWS S3 public buckets
  • Browse AWS S3 locations
  • Illumina BaseSpace
• Working with CLC Server File System Locations
  • Browsing CLC Server File System Locations
  • Searching CLC Server File System Locations
• Workflows
  • Installing and configuring workflows
  • Executing workflows
  • Updating workflows
  • Reference data in server workflows
• BLAST databases
• Status and management
  • Server maintenance
  • User statistics
  • Server setup summary
• Queue
• Audit log
• Server plugins
• External applications
  • External application configurations
    • Configuring the containerized execution environment
  • Configuring external applications
    • Editing external applications
    • External command
    • High-throughput sequencing import / Post-processing
    • Stream handling
    • Failure strategy
    • Environment
    • End user interface
    • Management
  • Using consistent reference data in external applications
  • Import and export of external application configurations
  • Updating external application configurations
  • Example: Velvet (standard external application)
    • Installing Velvet
    • Running Velvet from the Workbench
    • Understanding the Velvet configuration
  • Example: Bowtie (standard external application)
    • Installing Bowtie
    • Understanding the Bowtie Map configuration
    • Tools for building index files
  • Example: Kraken2 (containerized external application)
    • Extending the Kraken2 external application for paired data
  • Example: MAFFT (containerized external application)
  • External applications in workflows
  • Running external applications
    • Using a CLC Workbench to launch external applications
    • Using CLC Server Command Line Tools to launch external applications
  • Troubleshooting external applications
• CLC Genomics Cloud Access
• Recycle bins
  • Automatic cleanup of recycle bins
  • Emptying and restoring data from recycle bins
  • Recycle bin restrictions
• Configuring CLC Workbench connections
• Troubleshooting
  • Check setup
  • Bug reporting
• Command line tools
• Analysis automation
• Appendix
  • Use of multi-core computers
  • Non-exclusive Algorithms
  • DRMAA libraries
    • DRMAA for SLURM
    • DRMAA for LSF
    • DRMAA for PBS Pro
    • DRMAA for OGE or SGE
  • Consumable Resources
  • Server system communication diagrams
    • Communication diagrams for CLC Servers using online licensing
    • Communication diagrams for CLC Servers using downloaded license files
  • Third party libraries
  • Read Mapper Reference Caching
  • Controlling access to the CLC Server, data and execution environments
  • Monitoring
    • Setting up JMX monitoring
    • Completed process metrics
    • Process execution metrics
    • Job node metrics
• Bibliography

Configuring and checking online licensing

The information and files necessary for configuring online licensing are generated using the QIAGEN Digital Insights Admin Tool (QDIAT) and the QIAGEN Digital Insights OAuth2 Server, and then entered into the CLC Server web client.

Obtaining the information needed for online licensing

Three elements are needed for configuring online licensing: a server key, a client ID and a private key. To obtain these:

1. Log into QDIAT as a user with the Administrator role in the QDI licensing group for the CLC Server.
2. Open the CLC Genomics Server page by clicking on the CLC Genomics Server heading at the top of the page.
3. Generate the server key. Click the icon of a key in the Server Key column to generate (or regenerate) the server key (figure 2.4). The base CLC Server license is the only one that has icons in the Server Key column.

   
   Figure 2.4: The Licenses table under the Licensing tab is available after clicking the CLC Genomics Server heading at the top of the page. In the Server Key field for the CLC Server base license are three clickable icons used for viewing, copying and generating the server key.

   Rows for the "CLC Genomics Server" application that do not have icons in the Server key field relate to licensing of premium server extensions and execution nodes. Separate licensing actions are not needed for these.

4. Copy the server key. This can be done at this point, or later, when entering licensing details into the CLC Server web client.

5. Generate the client id and public/private key pair. Follow the link to setting up OAuth credentials provided in the instructions in the Server configuration section just below the Licensing table in QDIAT.

   Important: The private key generated will be available only immediately after creation. It is not stored by QIAGEN and cannot be retrieved again later. If it is lost, and new key pair will need to be generated.

6. Save the private key and copy the client ID. If prompted, confirm that the private key has been saved securely.

   The client ID can be copied from the the dialog that supports download of the private key, or it can be copied later from the QIAGEN Digital Insights OAuth2 Server.

For further details about working with QDIAT, please refer to the QDIAT manual.

Configure online licensing in the CLC Server

1. Log into the CLC Server web client as an administrative user.

2. Navigate to:

   Management () | Licensing ()

3. Expand the Online licensing section (figure 2.5).

4. Click Enter Client ID..., enter the client id in the "QiaOAuth Client ID" field, and click Save.

5. Click Enter Server Key..., enter the server key that was copied from QDIAT, and click Save.

6. Click Add Private Key..., select the private key file, and click Open.

   Note: the private key is stored as encrypted information.

7. Expand the Licensing mechanism section, select "Use online licensing" and click Save (figure 2.5).

8. Restart the CLC Server to have changes to the licensing configuration take effect.

Note: The CLC Server needs to be restarted after any changes relating to licensing are made, including changes to the licenses available from QDI Licensing.

Figure 2.5: Online licensing configured and being used by the CLC Server.

Checking the license status

Click the Check License Status button at the bottom of the "Online licensing" section (figure 2.5) to get information about the license(s) available from the QDI Licensing Service for this CLC Server.

Communication with the QDI Licensing Service

When using online licensing, a single server or master node connnects periodically to the QDI Licensing Service to start or renew the license session. Connections to the QDI Licensing Service (*.ingenuity.com) must thus be allowed.

Normally, the certificate chain returned will be signed by a trusted root certificate and the connection to the service will succeed.

Note that if man-in-the-middle software, for example software for package inspection or reverse proxy, is present and the certificate or certificate chain presented is not trusted by the CLC Server, the connection will fail. Two possible approaches to address this are:

1. Whitelist the addresses for the QDI Licensing Service (*.ingenuity.com) and do not let the man-in-the-middle software act on whitelisted addresses.

   OR

2. Add the relevant certificates, signed by an internal CA or self-signed, to the truststore for the CLC Server, which is located under the the single server or master node installation folder at jre/lib/security/cacerts.

   The Java keytool shipped with the CLC Server can be used to add a certificate to the truststore, using a command of this form:

   		CLC_SERVER_BASE/jre/bin/keytool -import -alias \
   		CERTALIAS -file CERTIFICATE.cer -keystore \
   		CLC_SERVER_BASE/jre/lib/security/cacerts -storepass changeit
   

   In the command above, replace the generic information with information relevant for your setup. Specifically:

   • Replace CLC_SERVER_BASE with the path to the CLC Server installation directory.
   • Replace CERTALIAS with the a certificate alias.
   • Replace CERTIFICATE with the path to the certificate.
   • Replace changeit with the password for the truststore. ("changeit" is the default password.)

   Important:

   • When the CLC Server is updated or the software is re-installed, all imported certificates will be removed, and must be imported again.
   • Certificates have an expiration date. A new certificate should be added in advance of that date.

---