• Manuals

Browse the manual

• Introduction
  • System requirements
  • Licensing
  • CLC Genomics Server
• Installation
  • Quick installation guide
  • Installing and running the Server
    • Installing the Server software
  • Installation modes - console and silent
  • Upgrading an existing installation
    • Upgrading between major versions
  • Allowing access through your firewall
  • Downloading a license
    • Download a static license on a non-networked machine
  • Starting and stopping the server
    • Microsoft Windows
    • macOS
    • Linux
• Basic configuration
  • Logging into the administrative interface
  • Server display name
  • Adding locations for saving data
    • CLC Server File System Locations
    • Reference data management
    • Enabling and disabling internal compression of CLC data
  • Changing the listening port
  • SSL and encryption
    • Client-server encrypted communication
    • Logging in using SSL from a CLC Workbench
    • Logging in using SSL from the CLC Server Command Line Tools
    • Master-job node encrypted communication
    • Master-grid node encrypted communication
  • Changing the tmp directory
    • Job node setup
  • Setting the amount of memory available for the JVM
  • Limiting the number of cpus available for use
  • HTTP settings
  • External network connections
  • Proxy settings
• Searching the web client
• Managing users and groups
  • Changing the root password
  • User authentication for the CLC Server
    • Giving users administration rights
    • Authentication options
    • Managing users and groups using built-in authentication
  • User authentication via the Workbench for built-in authentication
• Access privileges and permissions
  • Controlling group access to CLC Server data
    • Setting permissions on folders
    • Technical notes about permissions and security
  • Controlling access to the server, server tasks and external data
  • Customized attributes on data locations
    • Filling in values
    • What happens when a clc object is copied to another data location?
    • Searching custom attributes
• Job processing
  • Introduction to servers setups
  • Model I: Master server with dedicated job nodes
    • Overview: Model I
    • User credentials on a master-job node setup
    • Configuring a job node setup
    • Installing Server plugins on job nodes
  • Model II: Master server submitting to grid nodes
    • Overview: Model II
    • Requirements for CLC Grid Integration
    • Technical overview
    • Setting up the grid integration
    • Configuring the master node for a grid setup
    • Licensing of grid workers
    • Configuring licenses as a consumable resource
    • Configuring grid presets
    • Controlling the number of cores utilized
    • Multi-job processing on grid
    • Other grid worker options
    • Testing a Grid Preset
    • Client-side: submitting CLC jobs to the grid
    • Grid Integration Tips
    • Understanding memory settings
  • Model III: Single Server setup
  • Workflow settings
    • Workflow distribution options
    • Choosing a workflow distribution option
    • Intermediate workflow result handling
• Working with external data locations
  • Import/export directories
  • Direct data transfer from client systems
  • AWS Connections in the CLC Server
  • AWS S3 public buckets
  • Browse AWS S3 locations
  • Illumina BaseSpace
• Working with CLC Server File System Locations
  • Browsing CLC Server File System Locations
  • Searching CLC Server File System Locations
    • Rebuilding the index
• Workflows
  • Installing and configuring workflows
  • Executing workflows
  • Updating workflows
• BLAST databases
• Status and management
  • Downloading a license via the web interface
  • Server maintenance
  • User statistics
  • System statistics
• Queue
• Audit log
• Server plugins
• External applications
  • External application configurations
    • Configuring the containerized execution environment
  • Configuring external applications
    • Editing external applications
    • External command
    • High-throughput sequencing import / Post-processing
    • Stream handling
    • Failure strategy
    • Environment
    • End user interface
    • Management
  • Using consistent reference data in external applications
  • Import and export of external application configurations
  • Updating external application configurations
  • Example: Velvet (standard external application)
    • Installing Velvet
    • Running Velvet from the Workbench
    • Understanding the Velvet configuration
  • Example: Bowtie (standard external application)
    • Installing Bowtie
    • Understanding the Bowtie Map configuration
    • Tools for building index files
  • Example: Kraken2 (containerized external application)
    • Extending the Kraken2 external application for paired data
  • Example: MAFFT (containerized external application)
  • External applications in workflows
  • Running external applications
    • Using a CLC Workbench to launch external applications
    • Using CLC Server Command Line Tools to launch external applications
  • Troubleshooting external applications
• CLC Genomics Cloud Access
• Recycle bins
  • Automatic cleanup of recycle bins
  • Emptying recycle bins
  • Recycle bin restrictions
• Configuring CLC Workbench connections
• Troubleshooting
  • Check setup
  • Bug reporting
• Command line tools
• Analysis automation
• Appendix
  • Use of multi-core computers
  • Non-exclusive Algorithms
  • DRMAA libraries
    • DRMAA for SLURM
    • DRMAA for LSF
    • DRMAA for PBS Pro
    • DRMAA for OGE or SGE
  • Consumable Resources
  • Server system communication diagrams
  • Third party libraries
  • Read Mapper Reference Caching
  • Monitoring
    • Setting up JMX monitoring
    • Completed process metrics
    • Process execution metrics
    • Job node metrics
• Bibliography

Master-grid node encrypted communication

By default, communication from grid nodes to a master takes place over HTTP. For HTTPS communication, the following must be in place:

• SSL must be enabled on Tomcat, i.e.
  • A certificate must be in place on the CLC Server master node.
  • The Tomcat configuration file, conf/server.xml, on the master node must include a Connector that supports encrypted communication.
  • The master's certificate must be trusted. If using a self-signed certificate it must be added to its own trust store. This is described further below.
  • Update the port setting for the master to use a port that supports encrypted communication.
• The "Use HTTPS for node -> master communication" box in the Server settings area must be checked.

  After updating this setting, the change must be saved by clicking on the Save Configuration button.

Working with self-signed certificates on master-grid node setups

When working with self-signed certificates, configure the master as follows:

1. If not already present, add a Connector that supports encrypted communication to the Tomcat configuration file, conf/server.xml.

   To do this, click on the HTTPS Configuration... button and choose the option "Edit Tomcat configuration".

   To easily add a new Connector of the expected form, click on the "Copy default SSL <Connector> configuration to clipboard" link near the top of the dialog and then paste the contents of the clipboard into the server.xml configuration file.

   If you are not using the self-signed certificate at conf/clc-server-self-signed.p12, you can click on the Include keystore file... button to add an X.509 certificate into the conf directory of the CLC Server installation.

2. To use the self-signed certificate at conf/clc-server-self-signed.p12, update it with the correct hostname for the system. To do this, click on the HTTPS Configuration... button and choose the option "Create self-signed certificate". Ensure the correct hostname is in the "Hostname for certificate (Common Name)" field before clicking on the Create Certificate... button.

3. Restart the CLC Server when prompted to arrange for a restart.
4. Update the port setting for the master to use a port that supports encrypted communication.
5. Check the box beside "Use HTTPS for node -> master communication".
6. Click on the Save Configuration button.
7. Click on the Certificates... button in the "SSL and certificate management" section.
8. Click on the Trust Master Node button.

   This adds the master node's certificate to its own trust store.

Communication between the master and grid nodes will now be encrypted.

---