You are here: RPM Installation > Installation and Configuration > Installing Remote Visualization

3.13 Installing Remote Visualization

This topic contains instructions on how to install Remote Visualization, including licensing and configuration information.

Remote Visualization uses the FastX product. The Remote Visualization installation includes installing the Remote Visualization Server (gateway server) and Remote Visualization on the Torque MOM Hosts (session servers).

Remote Visualization Server (gateway server) and the Remote Visualization Session Servers, must be configured in order for Remote Visualization to work.

In this topic:

3.13.1 Open Necessary Ports
3.13.2 Obtain and Install the Remote Visualization License
3.13.3 Configure the RLM Plugin
3.13.4 Configure Moab to use Moab Web Services as a Resource Manager
3.13.5 Install Remote Visualization
3.13.6 Configure the Gateway Server
3.13.7 Configure a Session Server
3.13.8 Copy the Session Server Configuration to the Remaining Session Servers
3.13.9 (Optional) Install Graphical Packages on Each Torque MOM Host
3.13.10 Configure Moab for Remote Visualization
3.13.11 Configure Viewpoint for Remote Visualization

3.13.1 Open Necessary Ports

If your site is running firewall software on its hosts, you will need to configure the firewall to allow connections to Remote Visualization.

Do the following:

On the Remote Visualization Server (also known as the gateway server), do the following:

[root]# iptables-save > /tmp/iptables.mod
[root]# vi /tmp/iptables.mod

# Add the following lines immediately *before* the line matching
# "-A INPUT -j REJECT --reject-with icmp-host-prohibited"

-A INPUT -p tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp --dport 3443 -j ACCEPT

[root]# iptables-restore < /tmp/iptables.mod
[root]# service iptables save

On each Remote Visualization Session Server (Torque MOM Host), do the following:

[root]# iptables-save > /tmp/iptables.mod
[root]# vi /tmp/iptables.mod

# Add the following lines immediately *before* the line matching
# "-A INPUT -j REJECT --reject-with icmp-host-prohibited"

-A INPUT -p tcp --dport 3000 -j
-A INPUT -p tcp --dport 3443 -j ACCEPT
-A INPUT -p tcp --dport 6000:6005 -j ACCEPT
-A INPUT -p tcp --dport 16001 -j ACCEPT #if using gnome
-A INPUT -p tcp --dport 35091 -j ACCEPT #if using gnome
-A INPUT -p udp -m udp --dport 117 -j ACCEPT

[root]# iptables-restore < /tmp/iptables.mod
[root]# service iptables save

3.13.2 Obtain and Install the Remote Visualization License

Remote Visualization uses the RLM to validate the amount of open and available sessions.

These instructions assume you already have access to an RLM Server. See 3.12 Installing RLM Server for instructions on how to set up a new RLM Server.

Do the following:

Email [email protected] and request an activation key. Adaptive Computing will send you the activation key in a return email.
Once you have your activation key, do the following on the RLM Server:
1. Install the license activation script and dependencies.
```
[root]# yum -y install perl-Crypt-SSLeay StarNetFastX2
```
2. Run the license activation script.
```
/usr/lib/fastx2/install/activate
```
3. When prompted:
  - Enter the activation key.
  - Enter how many seats (sessions) you want for this license.
  When the license has generated you will see something similar to the following:
```
License activated and saved in /usr/lib/fastx2/rlm/FastX2-<date>.lic
```
4. Move the license file to the /opt/rlm directory.
```
mv /usr/lib/fastx2/rlm/FastX2-<date>.lic /opt/rlm
```
  This license file references the default RLM Server port (5053). If the RLM Server in your configuration uses a different port, you will need to modify the license file to reflect the actual port.
5. If you did not install an RLM Server using the file available from Adaptive Computing (for example, because your system configuration already uses one), do the following:
  1. Download the 'starnet.set' file from the Adaptive Computing Moab HPC Suite Download Center.
  2. Copy the 'starnet.set' file into the same directory where the Remote Visulaization license resides (/opt/rlm).
6. Remove the license activation script.
```
[root]# yum -y remove StarNetFastX2
```
7. Restart RLM.
```
[root]# service rlm restart
```

3.13.3 Configure the RLM Plugin

Moab can schedule available remote visualization sessions by querying the RLM server for the number of active and total available sessions.

In order for Moab to schedule remote visualization sessions, Moab also needs to be configured to use Moab Web Services as a resource manager. See Configuring Moab Workload Manager in the Moab Web Services Reference Guide for more information.

Do the following:

Using a web browser, navigate to your MWS instance (http://<server>:8080/mws/) and then log in as the MWS administrative user (moab-admin, by default).
Select Plugins and then from the drop-down select Plugins to display the list of MWS plugins (displays Plugin List page).
Click Add Plugin (displays Create Plugin page).
Select RLM from the Plugin Type drop-down.
Click Continue (displays the already built information for this plugin on the Create Plugin page).
In the Configuration field, select Resource from the drop-down and then click Add Entry (adds the Resource key to the table). The following is an example of what your Create Plugin page should look like.
Click to enlarge

Enter the key values. The following table describes the required information.

Key	Value Description
URL	URL for the RLM Server web interface in the form: <protocol>://<rlm_server_host>:<rlm_web_interface_port>. For example: http://server:5054
Username	The username in the RLM Web interface; typically user.
Password	Password used by the user listed in the Username key. This is the password you set when you install the RLM. See Change the Default Passwords.
ISV	Independent software vender for Remote Visualization. This value must be starnet.
Product	Name of the licensed product for Remote Visualization. This value must be fastx2.
Resource	Name of the resource to report to Moab Workload Manager. This value must be remote_visualization.

When finished, click Save to save your changes and close this page; otherwise click Cancel to reset all the changes.
The state should be "Started". If the state says "Errored", click Edit, modify the values as needed, click Update. Then from the Plugin Monitoring page, locate the RLM plugin and click the play icon.
Log out of your MWS instance and close the web browser.

3.13.4 Configure Moab to use Moab Web Services as a Resource Manager

In order for Moab to schedule remote visualization sessions, Moab also needs to be configured to use Moab Web Services as a resource manager.

On the Moab Server Host, do the following:

Add the following lines to /opt/moab/etc/moab.cfg:

RMCFG[mws]                      TYPE=MWS
RMCFG[mws]                      BASEURL=http://localhost:8080/mws

The BASEURL must match the configured URL of MWS.

Add the following line to /opt/moab/etc/moab-private.cfg:
```
CLIENTCFG[RM:mws] USERNAME=moab-admin PASSWORD=changeme!
```
USERNAME and PASSWORD must match the values of auth.defaultUser.username and auth.defaultUser.password, respectively, found in the MWS configuration file. The MWS RM contacts MWS directly using the base URL, username, and password configured.

Restart Moab.

[root]# chkconfig moab on
[root]# service moab restart

3.13.5 Install Remote Visualization

Remote Visualization needs to be installed on the gateway server and on all the session servers (Torque MOM Hosts).

You must complete all the tasks earlier in this topic before installing Remote Visualization.

Do the following:

Prepare the hosts for RPM installation. If you will be installing Remote Visualization on a host that does not have another RPM installation, complete the steps to prepare the host. See 3.2 Preparing the Host – Typical Method or 3.4 Preparing the Host – Offline Method.
On the Remote Visualization Gateway Server Host and each Session Server Host, do the following:
1. Install FastX and all its dependencies.
```
[root]# yum -y install ImageMagick-perl perl-Crypt-SSLeay perl-X11-Protocol StarNetFastX2
```
2. Create or use an unprivileged account to login into FastX with admin privileges.
  The following example uses the ace user and password. You can use an existing user, as long as that user can ssh into this host with a username/password pair.
```
[root]# useradd ace
...
[root]# passwd ace
...
```
3. Run the install.sh script on the Remote Visualization Gateway Server and on all of the Session Servers (Torque MOM Hosts).
```
[root]# export LICENSE_SERVER_HOST="<RLM Server IP address>"
[root]# export ADMIN_USER="ace" # the Remote Visualization administrator user
[root]# printf "y\n$LICENSE_SERVER_HOST\ny\ny\n$ADMIN_USER\ny\n" | /usr/lib/fastx2/install.sh
```

If your Viewpoint configuration will use password-based authentication for Remote Visualization, do the following on each Session Server:
1. Set the following parameters in /etc/ssh/sshd_config:
```
PasswordAuthentication yes
ChallengeResponseAuthentication no
```
2. Restart the sshd service.
```
[root]# service sshd restart
```

If your Viewpoint configuration will use key-based authentication for Remote Visualization, do the following:

Accept the defaults.

A passphrase is not supported by Viewpoint. Leave this field empty.

[ace@<hostname> ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ace/.ssh/id_rsa):
Created directory '/home/ace/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ace/.ssh/id_rsa.
Your public key has been saved in /home/ace/.ssh/id_rsa.pub.
The key fingerprint is:
					---

Copy the generated id_rsa private key to a location where Viewpoint has access.
Set the generated id_rsa public key as an authorized key for the Gateway Server.
```
root# cat .ssh/id_rsa.pub >> .ssh/authorized_keys
```
Copy the id_rsa publish key to all the Session Servers and set it as an authorized key.

For documentation clarity, these instructions use node00 through node09 as the names of the Session Servers; with node00 designated as the initial Session Server.
```
[root]# for i in {00..09} ; do scp .ssh/id_rsa.pub <fastxadminuser>@node$i:id_rsa.pub ; done
[root]# for i in {00..09} ; do ssh <fastxadminuser>@node$i "cat id_rsa.pub >> .ssh/authorized_keys ; rm -f id_rsa.pub" ; done
```

3.13.6 Configure the Gateway Server

Do the following:

Using a web browser, navigate to your secure Remote Visualization Gateway Server instance. (https://<gateway_host>:3443; where <gateway_host> is the IP address or name of the Gateway Server Host).

Click to enlarge

Click the icon for Admin\System Configuration. The icon is circled in the example to assist in finding its location.

Click to enlarge

Select the Network tab. If it is not already selected, select the Configuration sub-tab to display the FastX Network Configuration page.

Click to enlarge

Do the following:
1. In the Secret Key field, enter a name for the secret key. Record this secret key (e.g. copy to your clipboard) because you will need it when configuring the Session Servers later in this topic.
2. Enable the connection to accept data from cluster member.
3. In the box to specify the log in method, select "Sessions - log in to the system running the fewest sessions".
4. Disable the Gateway Server from sending data to cluster members.
The following image is an example of the completed FastX Network Configuration page for the Gateway Server.
Click to enlarge
Click Save to submit your changes.

3.13.7 Configure a Session Server

This section provides instructions on how to configure one Session Server (referred to as the initial Session Server). The configuration will then be copied to the additional Session Servers in your environment in a later procedure.

Do the following:

Using a web browser, navigate to your secure Remote Visualization Session Server instance. (https://<session-host>:3443; where <session_host> is the IP address or name of the initial Remote Visualization Session Server Host).

Click to enlarge

Select the icon for Admin\System Configuration. The icon is circled in the example to assist in finding its location.

Click to enlarge

Select the Network tab. If it is not already selected, select the Configuration sub-tab to display the FastX Network Configuration page.

Click to enlarge

Do the following:
1. In the Secret Key field, enter the name of the secret key created when configuring the Gateway Server earlier in this topic.
  You will not be able to login to the portal on the Gateway Server until you have completed the configuration of at least one Session Server. If you did not save it earlier, the secret key can be found in the /usr/lib/fastx2/config/network.json on the Gateway Server.
2. Disable the connection to accept data from cluster members.
3. Enable the Gateway Server to send data to cluster members.
4. In the box to specify whether to SSL certificates, select "I am using a self-signed certificate".
5. In the Cluster member URLs area, do the following:
  1. Click the + icon.
  2. In the box that displays, enter the IP address or name and the port number of the Gateway Server you just configured (for example: "https://mgmtnode:3443").
The following image is an example of the completed FastX Network Configuration page.
Click to enlarge
Click Save to submit your changes.

3.13.8 Copy the Session Server Configuration to the Remaining Session Servers

After you configured the initial Session Server, the settings are saved in the network.json file.

For documentation clarity, these instructions use node00 through node09 as the names of the Session Servers; with node00 designated as the initial Session Server.

On the initial Session Server Host, copy the network.json file to the remaining Session Server Hosts in your environment, and restart the FastX service.

[root]# for i in {01..09} ; do scp /usr/lib/fastx2/config/network.json root@node$i:/usr/lib/fastx2/config/network.json ; done
[root]# for i in {01..09} ; do ssh node$i "chown fastx. /usr/lib/fastx2/config/. -R" ; done
[root]# for i in {01..09} ; do ssh node$i "service fastx restart" ; done

3.13.9 (Optional) Install Graphical Packages on Each Torque MOM Host

A few graphical packages are available to let you easily submit remote visualization jobs from Viewpoint (install a desktop environment).

One each Torque MOM Host, run the following command(s):

[root]# yum -y groupinstall "Desktop" "Desktop Platform" "X Window System" "Fonts"
[root]# yum -y install xterm

3.13.10 Configure Moab for Remote Visualization

On the Moab Server Host, verify the /opt/moab/etc/moab.cfg file contains the following uncommented parameter:

JOBCFG[remote_visualization] FLAGS=usemoabjobid SELECT=TRUE

This parameter configuration specifies that Moab will reference remote visualization jobs by their internal Moab job id. However, the job's output and error files will still be generated by your resource manager (for exampe, Torque). This means that, even though your job will get assigned a Moab job id, your job's output and error file names will reference the resource manager's job id (for example, job.oX).

If you need the job's output files to match the same job id as your Moab job, append the following parameters to your moab.cfg:

RMCFG[torque] SYNCJOBID=TRUE FLAGS=ProxyJobSubmission

RMCFG[internal] JOBIDFORMAT=integer

Be advised that these appended parameters are not recommended for all systems; especially if your configuration includes customizations. If your system is not working as expected, contact Adaptive Computing support for assistance.

If you have made changes to the moab.cfg file, make sure you restart Moab.

[root]# service moab restart

3.13.11 Configure Viewpoint for Remote Visualization

Do the following:

Using a web browser, navigate to your Viewpoint instance (http://<server>:8081) and then log in as the MWS administrative user (moab-admin, by default).

Click Configuration from the menu and then click Remote Visualization Services from the left pane.

The following is an example of the Remote Visualization Configuration page.

Click to enlarge

Enter the hostname (or IP address) and port number for the FastX gateway server in the Gateway Server field. For example, https://<server>:3443.
If your Remote Visualization configuration was set up using self-signed certificates, confirm the Trust Self Signed check box is selected.
Enter the FastX admin user you specified when you installed the Remote Visualization Server in the Username field. For example, ace.
If your configuration will authenticate using the password-based method, do the following:
1. Select Password Based Authentication from the Authentication Method box.
2. Enter the FastX admin user's password in the Password field.
  The /etc/ssh/sshd_config file on each Session server must be configured to enable password authentication. See 3.13.5 Install Remote Visualization earlier in this topic for more information.
If your configuration will authenticate using the key-based method, do the following:
1. Select Key Based Authentication from the Authentication Method box.
2. Click UPLOAD KEY and navigate to the copy of the generated .ssh/id_rsa file.
Click TEST to confirm your settings are correct.
Click SAVE to submit your settings.