• Manuals

Browse the manual

• Introduction
  • System requirements
  • Licensing
  • CLC Genomics Server
• Installation
  • Quick installation guide
  • Installing and running the Server
    • Installing the Server software
  • Installation modes - console and silent
  • Upgrading an existing installation
    • Upgrading between major versions
  • Allowing access through your firewall
  • Downloading a license
    • Download a static license on a non-networked machine
  • Starting and stopping the server
    • Microsoft Windows
    • macOS
    • Linux
• Basic configuration
  • Logging into the administrative interface
  • Server display name
  • Adding locations for saving data
    • CLC Server File System Locations
    • Reference data management
    • Enabling and disabling internal compression of CLC data
  • Changing the listening port
  • SSL and encryption
    • Client-server encrypted communication
    • Logging in using SSL from a CLC Workbench
    • Logging in using SSL from the CLC Server Command Line Tools
    • Master-job node encrypted communication
    • Master-grid node encrypted communication
  • Changing the tmp directory
    • Job node setup
  • Setting the amount of memory available for the JVM
  • Limiting the number of cpus available for use
  • HTTP settings
  • External network connections
  • Proxy settings
• Searching the web client
• Managing users and groups
  • Changing the root password
  • User authentication for the CLC Server
    • Giving users administration rights
    • LDAP directory
    • Active Directory
    • Built-in authentication
• Access privileges and permissions
  • Controlling group access to CLC Server data
    • Setting permissions on folders
    • Technical notes about permissions and security
  • Controlling access to the server, server tasks and external data
• Job processing
  • Introduction to servers setups
  • Model I: Master server with dedicated job nodes
    • Overview: Model I
    • User credentials on a master-job node setup
    • Configuring a job node setup
    • Installing Server plugins on job nodes
  • Model II: Master server submitting to grid nodes
    • Overview: Model II
    • Requirements for CLC Grid Integration
    • Technical overview
    • Setting up the grid integration
    • Configuring the master node for a grid setup
    • Licensing of grid workers
    • Configuring licenses as a consumable resource
    • Configuring grid presets
    • Controlling the number of cores utilized
    • Multi-job processing on grid
    • Other grid worker options
    • Testing a Grid Preset
    • Client-side: submitting CLC jobs to the grid
    • Grid Integration Tips
    • Understanding memory settings
  • Model III: Single Server setup
  • Workflow settings
    • Workflow distribution options
    • Choosing a workflow distribution option
    • Intermediate workflow result handling
• Working with external data locations
  • Import/export directories
  • Direct data transfer from client systems
  • AWS Connections in the CLC Server
  • AWS S3 public buckets
  • Browse AWS S3 locations
  • Illumina BaseSpace
• Working with CLC Server File System Locations
  • Browsing CLC Server File System Locations
  • Searching CLC Server File System Locations
• Workflows
  • Installing and configuring workflows
  • Executing workflows
  • Updating workflows
  • Reference data in server workflows
• BLAST databases
• Status and management
  • Downloading a license via the web interface
  • Server maintenance
  • User statistics
  • System statistics
• Queue
• Audit log
• Server plugins
• External applications
  • External application configurations
    • Configuring the containerized execution environment
  • Configuring external applications
    • Editing external applications
    • External command
    • High-throughput sequencing import / Post-processing
    • Stream handling
    • Failure strategy
    • Environment
    • End user interface
    • Management
  • Using consistent reference data in external applications
  • Import and export of external application configurations
  • Updating external application configurations
  • Example: Velvet (standard external application)
    • Installing Velvet
    • Running Velvet from the Workbench
    • Understanding the Velvet configuration
  • Example: Bowtie (standard external application)
    • Installing Bowtie
    • Understanding the Bowtie Map configuration
    • Tools for building index files
  • Example: Kraken2 (containerized external application)
    • Extending the Kraken2 external application for paired data
  • Example: MAFFT (containerized external application)
  • External applications in workflows
  • Running external applications
    • Using a CLC Workbench to launch external applications
    • Using CLC Server Command Line Tools to launch external applications
  • Troubleshooting external applications
• CLC Genomics Cloud Access
• Recycle bins
  • Automatic cleanup of recycle bins
  • Emptying and restoring data from recycle bins
  • Recycle bin restrictions
• Configuring CLC Workbench connections
• Troubleshooting
  • Check setup
  • Bug reporting
• Command line tools
• Analysis automation
• Appendix
  • Use of multi-core computers
  • Non-exclusive Algorithms
  • DRMAA libraries
    • DRMAA for SLURM
    • DRMAA for LSF
    • DRMAA for PBS Pro
    • DRMAA for OGE or SGE
  • Consumable Resources
  • Server system communication diagrams
  • Third party libraries
  • Read Mapper Reference Caching
  • Monitoring
    • Setting up JMX monitoring
    • Completed process metrics
    • Process execution metrics
    • Job node metrics
• Bibliography

LDAP directory

Using the LDAP directory option, information needed during authentication and group memberships is retrieved from the specified LDAP directory. Encryption options are available (StartTLS and LDAPS). See figure 5.3.

Figure 5.3: LDAP settings panel

Configuration information

Encryption Specify whether communication should be encrypted. The options are "No encryption" (the default), "StartTLS" and "LDAPS".

With encryption enabled, the SSL certificate of the LDAP/AD server must be trusted by the CLC Server. If the certificate is signed by a trusted CA then no further steps are necessary. If the certificate is signed by an internal CA or is self-signed, the internal CA certificate or the self-signed certificate must be added to the truststore. Information about adding a certificate to the truststore is provided in the Certificates section below. To skip the certificate check, enable the Disable SSL certificate check option.

Admin group name Provide the name of the admin group. This setting is case sensitive. See also Giving users administration rights.

Groups DN Provide the relative path for an OU in the domain to act as the root used by the CLC Server. The groups available for selection when setting permissions are limited to those in or below that OU.

Using OU=bioinformatics, OU=researchers as an example, the list of groups available when setting permissions would be limited to those contained in the OU bioinformatics, which is in the OU researchers, which is in the root of the domain. If the Groups DN field is left empty, all groups in the AD will be available for selection when setting group level permissions.

See Controlling group access to CLC Server data and Controlling access to the server, server tasks and external data for further information about restricting access based on group membership.

Bind DN Specify a DN to use for the initial lookup to obtain a User DN (based on the username). The DN to use for subsequent lookups is specified in the "DN to use for lookups" option, described below. Leave this field empty to use an anonymous bind for the initial lookup and the user bind for subsequent lookups.

DN to use for lookups Specify whether to use the Bind DN or the User DN for read and search operations. This option is enabled if the Bind DN and Bind password fields have been filled in.

User object class Specify a user object class. If this field is empty, "posixAccount" is used.

Group object class Specify a group object class. If this field is empty, "posixGroup" is used.

Kerberos/GSSAPI Authentication Enable the LDAP integration to use Kerberos/GSSAPI.

Certificates

If encryption has been enabled and the LDAP/AD server uses a certificate signed by an internal CA or a self-signed certificate, that certificate must be added to the CLC Server truststore, which is located under the CLC Server installation folder at jre/lib/security/cacerts.

This can be done using the Java keytool shipped with the CLC Server, with a command taking this form:

	CLC_SERVER_BASE/jre/bin/keytool -import -alias \
	ldap_certificate -file LDAP_CERTIFICATE.cer -keystore \
	CLC_SERVER_BASE/jre/lib/security/cacerts -storepass changeit

In the command above, replace the generic information with information relevant for your setup. Specifically:

• Replace CLC_SERVER_BASE with the path to the CLC Server installation directory.
• Replace LDAP_CERTIFICATE with the path to the certificate your LDAP server uses for Start TLS/LDAPS connections.
• Replace changeit with the password for the truststore. ("changeit" is the default password.)

For setups with nodes, the following must also be done:

• For job node setups: Update the truststore of the CLC Server installation on each job node.
• For grid setups: Update the truststore for each grid worker. The location of grid workers can be found in the configuration of the grid presets in the web administrative interface under Configuration () | Job processing () | Server settings.

Caution:

• When the CLC Server is updated or the software is re-installed, all imported certificates will be removed, and must be imported again.
• Certificates have an expiration date. A new certificate should be added in advance of that date.

---