ECaccess is a framework for batch and interactive access to ECMWF services for Member States and other ECMWF users.
The components of ECaccess are:
- The ECaccess gateways: all Member State users can access the ECMWF computing and archiving facilities through a gateway. Full ECaccess functionality requires an ECaccess gateway to be installed at the Member State. Alternatively, reduced ECaccess functionality is available on the ECMWF ECaccess gateway.
- The ECaccess Server: all gateways are connected to this server. It provides technical and high level services to the gateway, allowing generic access to computing and archiving facilities at ECMWF (through "ecgate").
- The "ecgate" server: includes services such as the local batch system, currently SLURM, the batch system on High Performance Computing Facility, currently PBS on the Cray clusters cca and ccb, and access to the ECFS, HOME and SCRATCH storage areas.
To allow authentication and improve security, an ECaccess Certification Authority (ECCA) certifies all ECaccess components.
The gateway software is provided for Member States' remote access to ECMWF computing and archiving facilities. Throughout the guide, the terms "gateway" and "ECaccess gateway" are used interchangeably. Gateways include a model for the management of "plugin" services. A plugin is a piece of code that handles requests/responses flowing through the gateway. Currently, there are plugins for incoming FTP, HTTP/S, X11, SSH and Telnet (MSgateways only) requests to ECMWF. Additional plugins are planned. On top of the SSH plugin the NX application can be used for interactive access to ECMWF. The ECMWF ECaccess gateway (hereafter referred to as "ECgateway") can be used on its own. Nevertheless, using a Member State ECaccess gateway (hereafter referred to "MSgateway") instead offers the following features and advantages over using the ECgateway on its own:
- Secure tunnel between ECMWF and MSgateway: all services are channelled through SSL (Secure Socket Layer) secure connections to ensure data integrity. For confidentiality, administrators can set up encryption.
- Security authentication: protocols such as FTP or Telnet use only basic security mechanisms during their login process. The MSgateway plugins invoke an SSL protocol component for user authentication.
- Low resource usage / fast response: opening and closing SSL connections takes a significant amount of CPU time, bandwidth and memory. MSgateways maintain a set of permanent SSL connections (to the ECaccess server) for their plugins.
- Web memory cache: pages collected by the MSgateway from ECMWF and passed to Member State browsers can be stored in a memory cache. If the same page is required again, it is retrieved from this cache. Since this cache is located on the MSgateway, this is quicker than access through the Internet.
Using an ECaccess gateway
If the basic features, available via the ECMWF ECaccess gateway interfaces, are sufficient, you can use "ecaccess.ecmwf.int" for the web and the FTP interface. The Web Toolkit (see Web Toolkit - The full featured client) uses "ecaccess.ecmwf.int" as the default gateway name. If you have access to RMDCN and want to use it for accessing ECMWF, you can use "msaccess.ecmwf.int" instead.
If you wish to use the advanced features, only available via a Member State ECaccess gateway, you will need to find out, on which host this gateway has been installed at your local site and which FTP and HTTPS ports are being used by that gateway. You may be able to obtain this information by running the
ecaccess-gateway-name Web Toolkit command. If
ecaccess-gateway-name is in your command path, it will provide information about the ECaccess gateway you are using.
If the command is not available, you will need to contact your local ECaccess administrator or Computing Representative. You can also email email@example.com.
By default, the following plugins are automatically started on all the gateways:
- The FTP plugin: allows Member State users to submit jobs and to transfer files (between their own computer on one side and ECMWF file systems and ECFS on the other side). This extended FTP server can also be used for access to ECMWF computing and archiving facilities from within shell scripts.
- The HTTP/S plugin: for job and file transfer management/monitoring from a browser.
- The Telnet and the X11 plugins (available on MSgateways only): provide access to ECMWF servers with a single-sign-on login process. Communication and authentication are established through the gateway.
- SSH is increasingly used for external connections. ECaccess includes an SSH plugin which will allow you to access ECMWF and run X11. Note that only SSH protocol version 2 is supported.