Accessing KIDS With A Remote GUI Desktop

Like most high performance computing systems, KIDS users can access the system with a Secure Shell (SSH) client to obtain a command line prompt. KIDS also supports a way to access its login nodes in a way that makes it easy to run programs on the system that have a graphical user interface (GUI).  For this, we use NX.  NX is an efficient protocol for displaying a graphical desktop running on a remote system.  Two of the KIDS login nodes run NX servers, so users with an NX client on their local system can create graphical desktops running on a KIDS login node.  This page tells how to configure an NX client to be able to connect to KIDS.

Why NX?

There are several technologies for remote display of a graphical user interface.  Probably the most common is the X Window System itself; on many systems a user can ssh to a system and forward a program's GUI across the ssh connection onto the user's local X server.  This approach can give a poor user experience if the user's local system is connected to the network using a poor connection (low bandwidth and/or high latency).  VNC is a technology that largely overcomes the problems with using X for remote display over poor connections.  With VNC, a server runs on the remote system and the user runs a VNC client on their local system.  Instead of sending the low-level commands about how to draw windows as X would, the VNC server renders the display on the server side and then sends bitmaps of the screen to the client.  However, by default, VNC isn't very secure.

NX is like VNC in that its servers send bitmaps to the client, so it tends to be more efficient than X (and hence more usable over poor network connections).  Unlike VNC, current NX clients and servers make it easy to configure the NX connection based on the quality of their network connection, so that more data is sent when the user has a good, high bandwidth connection and less data if the connection is poor.  Also, NX is more secure than the standard VNC approach.

Configuring an NX client to access KIDS

Configuring an NX client to access KIDS isn't difficult, but there are a few details that aren't obvious.

Screencast

We've prepared a handy screencast to demonstrate how to configure an NX client to access KIDS.  We've provided the screencast in QuickTime format for Macintosh and Windows systems that have QuickTime installed (or other software that has QuickTime included, such as iTunes or Safari).  Click the QuickTime badge at the bottom of the page to download QuickTime.  For systems without QuickTime, we've also provided the screencast as an MPEG4 movie that has been shown to work with recent versions of Windows Media Player.  You may have to download the MPEG4 movie file completely before you can play it.

QuickTime

 KIDS-NX
M4V KIDS-NX-m4v

 

NX Client Configuration Summary

The best way to see how to configure an NX client for accessing Keeneland is to watch the screencast above, but if you can't or don't want to, the following summarizes the major steps.

  • Download and install an NX client.  Free clients are available for Macintosh, Windows, and Linux from NoMachine and OpenNX, among other sources.  In the screencast and the summary here, we used OpenNX.
  • Run the NX Connection Wizard program to configure a session for Keeneland.  The most important settings are:
    • Session: use any name you like, such as "KIDS" or "Keeneland"

    • Host: use either kidlogin1.nics.utk.edu or kidlogin2.nics.utk.edu.  These are the KIDS login nodes running an NX server.

    • Connection Type: use a setting that best matches your connection to the Internet.  Settings to the left transfer less data than those on the right, so they are more suitable when you have a poor network connection.

    • Desktop: Select "UNIX" as the desktop type, and either GNOME or KDE as the desktop flavor.  In the screencast, we used GNOME.

    • Leave the SSL box checked.

  • (The OpenNX Connection Wizard program may show an error after it completes on some platforms.  This is unfortunate, but in our experience it is benign.  By the time the error occurs, the configuration has already been saved.)

  • Run the NX client.

  • Select the KIDS session from the session drop down menu, using the name you set in the NX Connection Wizard.

  • You must set the SSH key for the NX servers running on KIDS.  Press the "Configure" button on the NX client main window.  In the General tab, press the "Key" button.  Obtain the SSH key either from http://www.nics.tennessee.edu/~ksharkey/keeneland-nx.key or at /data/nx/client.id_dsa.key on the KIDS login nodes.  Copy the key and paste it into the NX client's key dialog box, and save the key.

  • Back in the main NX client window, enter your username and your passcode (i.e., your PIN and then the six digits currently showing on your OTP token).

  • If all is well, you will either be presented with a window showing a brand new desktop running on the KIDS login node you specified above.  If you are reconnecting to an NX session, you will be presented with a list of sessions to which you can reconnect.

  • One gotcha: by default, your desktop may be set to start a screensaver with a password lock if it is idle for a time.  It turns out that the screensaver lock will not accept the PIN+OTP passcode.  So, disable the locking screensaver.    

    • For GNOME, go to System→Preferences→Screensaver and clear the checkbox that says "Activate screensaver when computer is idle."

    • For KDE, go to Control Center→Appearance & Themes→Screen Saver and clear the "Start Automatically" checkbox.

    • If you do get locked out, you can recover by ssh'ing from your local system to the login node running your NX desktop, and manually killing the screensaver process.

  • When you start a terminal or xterm, it should run as a login shell.  (To check, see if executing the module avail command gives an error.  If so, you don't have a login shell.)  The following may help configure the desktop's terminal to run a login shell.

    • For GNOME, under Edit→Profiles→Edit, choose "Run command as a login shell" on the Title and command tab.

    • For KDE, under Settings→Configure Konsole→Session change the Execute field to bash -l or the appropriate flag for your shell of choice. (See your shell's man page to find the correct flag.)

Questions?

Please send questions about configuring NX to access KIDS to help@xsede.org, putting Keeneland in the subject line.

 

QuickTime and the QuickTime Logo are trademarks of Apple Inc., registered in the U.S. and other countries.  The Get QuickTime Badge is a trademark of Apple Inc., used with permission.