4. Access

Graphcloud provides access to a “virtual Pod” or vPod. This is a subset of IPUs and servers in a Pod system that is securely isolated from access by other IPUs or servers.

The secure connection to your Graphcloud vPod instance is provided using SSH key security. To gain access to your vPod instance, you will be asked to send an SSH public key to Graphcore.

This section describes how you access Graphcloud.

4.1. Working with SSH key pairs

If you are familiar with working with SSH key pairs, then you can skip this section and proceed to Section 4.2, Logging into Graphcloud.

4.1.1. Creating an SSH key pair

If you do not have a key pair, then you can create one as shown in Listing 4.1.

Listing 4.1 Command to generate an SSH keypair
$ ssh-keygen

You will be asked to enter a file in which to save the key. Either enter a new location or you can accept the default by pressing Enter. You will also be asked to enter a passphrase. While a passphrase does improve security, it is not necessary and you can have a blank passphrase by just pressing Enter. The keys are then created and the location and names of the keys are displayed. Listing 4.2 shows an example of the output when creating an RSA keypair.

Listing 4.2 Example of output when creating an SSH keypair using ssh-keygen.
 $ ssh-keygen
 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/<username>/.ssh/id_rsa): /usr/<username>/.ssh/gclogin
 Enter passphrase (empty for no passphrase):
 Enter same passphrase again:
 Your identification has been saved in /usr/<username>/.ssh/gclogin.
 Your public key has been saved in /usr/<username>/.ssh/gclogin.pub.
 The key fingerprint is:
 SHA256:2qSRQ9KQfl6SHkWkWZtqwoos2r20iiajr3vNrYfQ84g <username>@<username>
 The key's randomart image is:

 +---[RSA 3072]----+
 |    .. o+        |
 |    .o +.o       |
 |   .. =oo        |
 |   ..o=o.        |
 |   .o+*+S        |
 |....oooB         |
 |o..=.*o .        |
 |=+Eo=.+          |
 |X*+.=+           |
 +----[SHA256]-----+

For more information about generating keypairs, refer to the SSH website.

4.1.2. Sending the public SSH key to Graphcore

Send your public key to the field application engineer who does your Graphcloud onbarding.

4.1.3. Adding your private key to your local SSH configuration file

Note

Your secure connection will only work if the corresponding private key exists in the correct location (~/.ssh) on the machine you are using to connect to Graphcloud.

You will be sent confirmation that Graphcore has installed the public key on the Graphcloud server and the username and Graphcloud IP address (hostname in Listing 4.3) for you to use to connect to your vPod instance over SSH. You can make this easier to use by adding the information to your SSH configuration file. An example of an SSH configuration file entry for the Graphcloud server is shown in Listing 4.3.

Listing 4.3 Example of entry in SSH config file for Graphcloud server
 host gc-graphcloud
 hostname 123.456.789.012
 user myusername
 identityfile -/.ssh/gclogin

host can be any name you choose.

4.2. Logging into Graphcloud

You can log in over SSH using the host you defined in your SSH configuration file (Listing 4.4) or you can use the IP address (Listing 4.5).

Listing 4.4 Example of logging in with the defined host name.
 $ ssh gc-graphcloud
Listing 4.5 Example of logging in with an IP address.
 $ ssh 123.456.789.012

Note

You will not have root access on the Graphcloud server.

4.3. Managing your account

4.3.1. Adding more users

You can add more users to your instance by sending their email addresses, names and SSH public keys to Graphcore, as you have already done for yourself. We will then install these on the server(s) to which your organisation has been granted access.

Note that each user must use their own public SSH key. Multiple users must not use the same key, as this could raise security problems, and also make it difficult to analyse and audit any security issues that may arise from the use of the service.

Note

Multiple user jobs can be run at the same time provided that the total number of IPUs requested does not exceed the number of IPUs in the Pod system. This is because we use a reconfigurable Virtual-IPU partition that supports many smaller partition requests within it. Refer to the About Graphcloud Quick Start, the Graphcloud Monitoring Hardware Quick Start and the V-IPU User Guide for more information on partitions.

4.3.2. Extending access to Graphcloud

Please let us know as soon as possible if you would like to extend your access to Graphcloud by switching to a paid-for service. Cirrascale will provide full details of the payment options available.

4.3.3. Closing your account

When your Graphcloud account is closed all of your data will be wiped from the server. This includes:

  • Software and data files

  • Any log files

You need to explicitly copy any data from the sever that you want to keep (for example, using scp).