Skip to content

Remote Access from outside CERN and other deployment sites

Since the deployments will be running within GPN at CERN (or corresponding local networks at other sites) and generally not have internet access, a direct connection in the web browser is often not possible. there are several methods to connect to the web interface and backends.

Generally, the CERN instructions for remote work apply:

https://security.web.cern.ch/recommendations/en/working_remotely.shtml

CERN lxtunnel proxy hosts

This is the recommended method since it is officially supported by CERN and easy to set up in the browser only (+ ssh shell like putty). We recommend a browser like Firefox that allows SOCKS5 proxy settings per browser instead of having to use system-wide settings. Just follow the official CERN IT instructions to set up the proxy and connect via your browser:

https://security.web.cern.ch/recommendations/en/ssh_browsing.shtml

Please note that some browsers due not support SOCKS5 out of the box, therefore we recommend the Firefox browser for this purpose, also because it is the standard browser at CERN.

SSH tunnel

You can tunnel just port 80 using lxplus as jump host.

ssh <deployment-server> -J <username>@lxplus9.cern.ch

CERN instructions:

https://security.web.cern.ch/recommendations/en/ssh_tunneling_x11.shtml

Browser Proxy

Instructions on how to setup your browser to enable viewing the GUIs from remote can be found here.

VNC

One of the main goals of this project is to avoid the hassle connected with VNC and allow browser-only access. But for completeness and low-level debugging it may be useful (or necessary) to fall back to VNC.

The official CERN instructions to set up VNC are here:

https://security.web.cern.ch/recommendations/en/ssh_tunneling_vnc.shtml

Generally

  1. Run a vncserver on a host at CERN (lxplus or the deployment host)
  2. Tunnel the VNC port to your localhost
  3. Connect to localhost:port using VNC client