4. Access
Graphcloud provides access to a “virtual Pod” or vPod. This is a subset of IPUs and servers in a Pod system that is securely isolated from access by other IPUs or servers.
The secure connection to your Graphcloud vPod instance is provided using SSH key security. To gain access to your vPod instance, you will be asked to send an SSH public key to Graphcore.
This section describes how you access Graphcloud.
4.1. Working with SSH key pairs
If you are familiar with working with SSH key pairs, then you can skip this section and proceed to Section 4.2, Logging into Graphcloud.
4.1.1. Creating an SSH key pair
If you do not have a key pair, then you can create one as shown in Listing 4.1.
$ ssh-keygen
You will be asked to enter a file in which to save the key. Either enter a new location or you can accept the default by pressing Enter. You will also be asked to enter a passphrase. While a passphrase does improve security, it is not necessary and you can have a blank passphrase by just pressing Enter. The keys are then created and the location and names of the keys are displayed. Listing 4.2 shows an example of the output when creating an RSA keypair.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/<username>/.ssh/id_rsa): /usr/<username>/.ssh/gclogin
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /usr/<username>/.ssh/gclogin.
Your public key has been saved in /usr/<username>/.ssh/gclogin.pub.
The key fingerprint is:
SHA256:2qSRQ9KQfl6SHkWkWZtqwoos2r20iiajr3vNrYfQ84g <username>@<username>
The key's randomart image is:
+---[RSA 3072]----+
| .. o+ |
| .o +.o |
| .. =oo |
| ..o=o. |
| .o+*+S |
|....oooB |
|o..=.*o . |
|=+Eo=.+ |
|X*+.=+ |
+----[SHA256]-----+
For more information about generating keypairs, refer to the SSH website.
4.1.2. Sending the public SSH key to Graphcore
Send your public key to the field application engineer who does your Graphcloud onbarding.
4.1.3. Adding your private key to your local SSH configuration file
Note
Your secure connection will only work if the corresponding private
key exists in the correct location (~/.ssh) on the machine you are using
to connect to Graphcloud.
You will be sent confirmation that Graphcore has installed the public key on the
Graphcloud server and the username and Graphcloud IP address (hostname in Listing 4.3) for you to use to connect to your vPod instance over SSH. You can make this easier to use by adding the information to your SSH configuration file. An example of an SSH configuration file entry for the Graphcloud server is shown in Listing 4.3.
host gc-graphcloud
hostname 123.456.789.012
user myusername
identityfile -/.ssh/gclogin
host can be any name you choose.
4.2. Logging into Graphcloud
You can log in over SSH using the host you defined in your SSH configuration file (Listing 4.4) or you can use the IP address (Listing 4.5).
$ ssh gc-graphcloud
$ ssh 123.456.789.012
Note
You will not have root access on the Graphcloud server.
4.3. Managing your account
4.3.1. Adding more users
You can add more users to your instance by sending their email addresses, names and SSH public keys to Graphcore, as you have already done for yourself. We will then install these on the servers to which your organisation has been granted access.
Note that each user must use their own public SSH key. Multiple users must not use the same key, as this could raise security problems, and also make it difficult to analyse and audit any security issues that may arise from the use of the service.
Note
Multiple user jobs can be run at the same time provided that the total number of IPUs requested does not exceed the number of IPUs in the Pod system. This is because we use a reconfigurable Virtual-IPU partition that supports many smaller partition requests within it. Refer to the Getting Started with Graphcloud, the Monitoring Hardware Quick Start and the V-IPU User Guide for more information on partitions.
4.3.2. Extending access to Graphcloud
Please let us know as soon as possible if you would like to extend your access to Graphcloud by switching to a paid-for service. Cirrascale will provide full details of the payment options available.
4.3.3. Closing your account
When your Graphcloud account is closed all of your data will be wiped from the server. This includes:
Software and data files
Any log files
You need to explicitly copy any data from the sever that you want to keep (for example, using scp).