• Manuals

Browse the manual

• Introduction
  • System requirements
  • Licensing
  • CLC Genomics Server
• Installation
  • Quick installation guide
  • Installing and running the Server
    • Installing the Server software
  • Installation modes - console and silent
  • Upgrading an existing installation
    • Upgrading between major versions
  • Allowing access through your firewall
  • Downloading a license
    • Download a static license on a non-networked machine
  • Starting and stopping the server
    • Microsoft Windows
    • macOS
    • Linux
• Basic configuration
  • Logging into the administrative interface
  • Server display name
  • Adding locations for saving data
    • CLC Server File System Locations
    • Reference data management
    • Enabling and disabling internal compression of CLC data
  • Changing the listening port
  • SSL and encryption
    • Logging in using SSL from a CLC Workbench
    • Logging in using SSL from the CLC Server Command Line Tools
  • Changing the tmp directory
    • Job node setup
  • Setting the amount of memory available for the JVM
  • Limiting the number of cpus available for use
  • HTTP settings
  • External network connections
  • Proxy settings
• Managing users and groups
  • Changing the root password
  • User authentication for the CLC Server
    • Giving users administration rights
    • Authentication options
    • Managing users and groups using built-in authentication
  • User authentication via the Workbench for built-in authentication
• Access privileges and permissions
  • Controlling group access to CLC Server data
    • Setting permissions on folders
    • Technical notes about permissions and security
  • Controlling access to the server, server tasks and external data
  • Customized attributes on data locations
    • Filling in values
    • What happens when a clc object is copied to another data location?
    • Searching custom attributes
• Job processing
  • Introduction to servers setups
  • Model I: Master server with dedicated job nodes
    • Overview: Model I
    • User credentials on a master-job node setup
    • Configuring your setup
    • Installing Server plugins on job nodes
  • Model II: Master server submitting to grid nodes
    • Overview: Model II
    • Requirements for CLC Grid Integration
    • Technical overview
    • Setting up the grid integration
    • Configuring the master node for a grid setup
    • Licensing of grid workers
    • Configuring licenses as a consumable resource
    • Configuring grid presets
    • Controlling the number of cores utilized
    • Multi-job processing on grid
    • Other grid worker options
    • Testing a Grid Preset
    • Client-side: submitting CLC jobs to the grid
    • Grid Integration Tips
    • Understanding memory settings
  • Model III: Single Server setup
  • Workflow settings
    • Workflow distribution options
    • Choosing a workflow distribution option
    • Intermediate workflow result handling
• Working with external data locations
  • Import/export directories
  • Direct data transfer from client systems
  • AWS Connections in the CLC Server
  • AWS S3 public buckets
  • Browse AWS S3 locations
  • Illumina BaseSpace
• Working with CLC Server File System Locations
  • Browsing CLC Server File System Locations
  • Searching CLC Server File System Locations
    • Rebuilding the index
• Workflows
  • Installing and configuring workflows
  • Executing workflows
  • Updating workflows
• BLAST databases
• Status and management
  • Downloading a license via the web interface
  • Server maintenance
  • User statistics
  • System statistics
• Queue
• Audit log
• Server plugins
• External applications
  • External application configurations
    • Configuring the containerized execution environment
  • Configuring external applications
    • Editing external applications
    • External command
    • High-throughput sequencing import / Post-processing
    • Stream handling
    • Failure strategy
    • Environment
    • End user interface
    • Management
  • Using consistent reference data in external applications
  • Import and export of external application configurations
  • Updating external application configurations
  • Example: Velvet (standard external application)
    • Installing Velvet
    • Running Velvet from the Workbench
    • Understanding the Velvet configuration
  • Example: Bowtie (standard external application)
    • Installing Bowtie
    • Understanding the Bowtie Map configuration
    • Setting the path for temporary data
    • Tools for building index files
  • Example: Kraken2 (containerized external application)
    • Extending the Kraken2 external application for paired data
  • Example: MAFFT (containerized external application)
  • External applications in workflows
  • Running external applications
    • Using a CLC Workbench to launch external applications
    • Using CLC Server Command Line Tools to launch external applications
  • Troubleshooting external applications
• CLC Genomics Cloud Access
• Recycle bins
  • Automatic cleanup of recycle bins
  • Emptying recycle bins
  • Recycle bin restrictions
• Configuring CLC Workbench connections
• Troubleshooting
  • Check setup
  • Bug reporting
• Command line tools
• Appendix
  • Use of multi-core computers
  • Non-exclusive Algorithms
  • DRMAA libraries
    • DRMAA for SLURM
    • DRMAA for LSF
    • DRMAA for PBS Pro
    • DRMAA for OGE or SGE
  • Consumable Resources
  • Server system communication diagrams
  • Third party libraries
  • Read Mapper Reference Caching
  • Monitoring
    • Setting up JMX monitoring
    • Completed process metrics
    • Process execution metrics
    • Job node metrics
• Bibliography

SSL and encryption

CLC Server client software (CLC Workbenches, CLC Server Command Line Tools, web client) can communicate with theCLC Server over SSL. This is particularly relevant for setups where the CLC Server is accessible to client software over the internet as well as on a local network. To establish encrypted communication, SSL must be enabled on the CLC Server, and the server certificate must be trusted by the client software.

Enabling SSL on the CLC Server involves obtaining and installing a certificate, and then configuring Tomcat, bundled with the CLC Server software, to support SSL connections. These aspects are described further below.

Logging in to an SSL-enabled CLC Server using a CLC Workbench is described in Logging in using SSL from the Workbench. Logging in to an SSL-enabled CLC Server using the CLC Server Command Line Tools is described in Logging in using SSL from the CLC Server Command Line Tools. The web client for an SSL-enabled CLC Server can be accessed using HTTPS, using the relevant port, e.g. https://<hostname>:8443. If the certificate is not already trusted, the web browser will prompt you to confirm that it is trusted before connecting.

Important notes:

• The default configuration of the CLC Server does not use SSL.
• Communication between a master and execution nodes takes place over HTTP. SSL is not supported for this communication.

Obtaining and installing a certificate

A server certificate is required before SSL can be enabled on the CLC Server. This is usually obtained from a Certificate Authority (CA) like Thawte or Verisign (see https://en.wikipedia.org/wiki/Certificate_authorities). Self-signed certificates can also be used.

The signed certificate must be placed in a location accessible to the CLC Server process, for example in the conf directory located under the CLC Server installation folder.

Configuring Tomcat for SSL

To enable SSL connections using port 8443, add a Connector to the Tomcat configuration file, located under the CLC Server installation folder at conf/server.xml. The CLC Server must be restarted after changes are made for the changes to take effect.

An example Connector configuration, which refers to a PKCS12 keystore file in the conf directory of the CLC Server, is:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
     maxThreads="150" scheme="https" secure="true"
     clientAuth="false" sslProtocol="TLS"
     keystoreFile="conf/keystore.pkcs12" keystorePass="keystorepasswd"
     keystoreType="PKCS12"
     connectionTimeout="600000"
     maxParameterCount="1000"
     compression="off"
   />

where keystoreFile and keystorePass are assigned values relevant for the server:

• keystoreFile Provide the location of the PKCS12 keystore file. If it is under the conf folder under the CLC Server installation area, the relative location, as used in the example above, is sufficient. If the file is elsewhere, the full path to that location must be provided.
• keystorePass Provide the password for the keystore.

Adding SSL connectors does not disable the standard (non-SSL) port, which is 7777 by default.

---

Subsections

• Logging in using SSL from a CLC Workbench
• Logging in using SSL from the CLC Server Command Line Tools

---