Torrent Suite Software Administration Guide
Torrent Suite Software space on Ion Community
Prepare Your Site
The Torrent Server requires internet connectivity to install software updates and patches from Ion Torrent. To facilitate deployment, it is important that you prepare your site network infrastructure in advance.
Review the following topics to prepare your site for server installation:
Network connectivity preparation
Network provisioning
Network provisioning should be completed before the scheduled installation:
- A network access jack should be identified and enabled in the area where the Torrent Server will be deployed. An Ethernet cable is provided with the server. The cable connects to the port labeled LAN on your Torrent Server; the remaining ports are used to connect to the Ion Proton and Ion PGM Sequencers.
- DNS should be configured in advance of the scheduled installation.
Port assignment
Full support for the Torrent Server and Ion Torrent sequencers requires remote monitoring through Axeda Remote System Monitoring software, which must be enabled and able to open a reverse SSH connection into the systems. The Ion sequencers and Torrent Servers must therefore be connected to the internet, with outbound connections permitted on the following ports:
Port | Required | Use |
---|---|---|
22 | Yes | Start reverse SSH tunnel for remote troubleshooting |
80 | Yes | Download updates from http://updates.iontorrent.com and http://us.archive.ubuntu.com |
123 | Yes | (UDP) NTP access to the Internet; incoming and outgoing. |
443 | Yes | Enable sending of basic status information to the remote monitoring server. The IonReporterUploader plugin also requires port 443 to transfer data to Ion Reporter Software. |
5432 | No | Remote access to PostgreSQL database. |
Name resolution
A DHCP-assigned address is recommended. (The Torrent Server can be reconfigured to use a static IP address, if necessary.)
Server run, report and configuration data are accessed using your workstation Web browser. You must be able to access the server UI by entering the server hostname in your browser URL address field.
Network security
Firewall
Your Torrent Server is shipped with a firewall enabled.
Ion Torrent networks have been added to the firewall rules (in `/etc/iptables.rules`) to permit access to the Torrent Server.
Use `/etc/iptables.custom` if you add your own custom rules. The script `/etc/init.d/networking restart` picks up firewall settings from `/etc/iptables.custom`.
IP address
Use your web browser to discover your external (public) IP address. There are several sites that can be used to determine your IP address, such as http://whatismyip.com.
You may also use a text-based browser, such as Links, to find your external IP address. For Links, use the following command, which returns your external IP address:
links -dump http://whatismyip.com | grep "Your IP Address Is"
Secure the Torrent Server and Ion PGM or Ion Proton Sequencer with iptables
The Torrent Server can further be secured by using iptables. (The administrator is assumed to be familiar with iptables and their use.)
A basic iptables configuration is provided by default with the Torrent Server.
Ensure the following Ion Torrent IP addresses are in the `iptables.start` file. For simplicity, add the entire address range as shown:

```sh
$IPTABLES -A INPUT -p tcp --dport 22 -s 38.110.159.160/27 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -s 38.126.104.128/25 -j ACCEPT
```
Use the following procedure to configure the iptables for your location:
- In the `/etc` directory, create `iptables.start` and `iptables.stop` files similar to the example files shown below.
- Type the command `sudo chmod +x iptables*`.
- Edit the `rc.local` file similar to the examples shown below (see `## ADD THE FOLLOWING LINE` in the example).
- Start iptables using the command: `sudo /etc/iptables.start`
Ion PGM or Ion Proton Sequencer
iptables.start
```sh
#!/bin/sh
# iptables IonTorrent - PGM 1.0.0
#
IPTABLES="/sbin/iptables_32"

# Flush existing rules and set the default policies first;
# any rule appended before -F would be discarded by the flush.
$IPTABLES -F
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

#$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
$IPTABLES -A INPUT -p icmp -j ACCEPT
$IPTABLES -A INPUT -s 127.0.0.1 -j ACCEPT
# PGM instrument's own IP address here
$IPTABLES -A INPUT -s 128.114.63.84 -j ACCEPT

# Allow ssh from these addresses: NEW IW, IE, ... elided ...
$IPTABLES -A INPUT -p tcp --dport 22 -s 71.6.74.66 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 22 -s 173.13.110.174 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -s 173.13.110.163 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 22 -s 173.13.146.13 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -s 128.114.63.83 -j ACCEPT

# Allow http connection to update server
$IPTABLES -A INPUT -p tcp --dport 80 -s 173.13.110.163 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 80 -s 66.166.233.178 -j ACCEPT # Test connection from ICE
$IPTABLES -A INPUT -i eth0 -p udp --dport 67:68 ... elided ...

# Drop all other http and ssh connections
$IPTABLES -A INPUT -p tcp --dport 80 -j DROP
$IPTABLES -A INPUT -p tcp --dport 22 -j DROP
```
iptables.stop
```sh
#!/bin/sh
# iptables IonTorrent - PGM 1.0.0
#
IPTABLES="/sbin/iptables_32"

# Remove all rules and accept all traffic
$IPTABLES -F
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
```
rc.local
```sh
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

# Create file's magic database file.
if test -f /usr/share/misc/file/magic; then
    if test ! -f /usr/share/misc/file/magic.mgc; then
        file -C /usr/share/misc/file/magic.mgc
    fi
fi

touch /var/lock/subsys/local

## ADD THE FOLLOWING LINE
/etc/iptables.start

/software/patchcheck.sh
/bin/settime
/software/pciinit
modprobe radeonfb
fbset 800x600-75-32
/software/nanox/nano-X &
/software/nanox/nanowm &
sleep 0.5
cd /software/gui
./launcher &
cd /software
/software/datacollect &
cd /software/gui/cntrl
sleep 0.25
/software/gui/cntrl/Controller &
```
Torrent Server
iptables.start
```sh
#!/bin/sh
IPTABLES="/sbin/iptables"

$IPTABLES -F
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP

$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
$IPTABLES -A INPUT -p icmp -j ACCEPT
$IPTABLES -A INPUT -s 127.0.0.1 -j ACCEPT
# Enter Server's IP address here
$IPTABLES -A INPUT -s 128.114.63.83 -j ACCEPT

# IP addresses to allow ssh access: NEW IE, IW, PGM, NEW IW
$IPTABLES -A INPUT -p tcp --dport 22 -s 173.13.110.163 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 22 -s 173.13.146.13 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -s 128.114.63.83 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -s 71.6.74.66 -j ACCEPT

# allow all traffic from PGM
# (FTP wants more than port 21 with extended response features)
$IPTABLES -A INPUT -p tcp -s 128.114.63.84 -j ACCEPT

$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p udp --dport 67:68 ... elided ...

$IPTABLES -A INPUT -p tcp --dport 80 -j DROP
$IPTABLES -A INPUT -p tcp --dport 22 -j DROP
```
iptables.stop
```sh
#!/bin/sh
IPTABLES="/sbin/iptables"

$IPTABLES -F
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
```
rc.local
```sh
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script ... elided ...
# bits.
#
# By default this script does nothing.

## ADD THE FOLLOWING LINE
/etc/iptables.start

exit 0
```
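The following shell function is an added example, not part of the original guide or of Ion Torrent's software. It lints an `iptables.start`-style script for three problems relevant to the files above: rules appended before `$IPTABLES -F` (the flush deletes them), a missing port 22 ACCEPT rule for either Ion Torrent range listed earlier, and a port 22 ACCEPT rule with no source restriction. The names `lint_iptables_start` and `sample_rules` and the sample rules themselves are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Ion Torrent code). Usage: lint_iptables_start < /etc/iptables.start

# Source ranges the guide says must be allowed to reach port 22.
REQUIRED_SSH_SOURCES="38.110.159.160/27 38.126.104.128/25"

lint_iptables_start() {
    status=0
    # Drop comment lines, including commented-out rules.
    rules=$(grep -v '^[[:space:]]*#') || true
    # 1. Rules appended before a flush (-F) are deleted by it.
    lost=$(printf '%s\n' "$rules" | awk '{ line = $0 " " }
        line ~ / -A / { pending++ }
        line ~ / -F / { lost += pending; pending = 0 }
        END           { print lost + 0 }')
    if [ "$lost" -gt 0 ]; then
        echo "WARN: $lost rule(s) precede -F and are flushed"
        status=1
    fi
    ssh_accepts=$(printf '%s\n' "$rules" |
        grep -E -- '--dport 22( |$)' | grep -- '-j ACCEPT') || true
    # 2. Each required support range needs an ACCEPT rule on port 22.
    for src in $REQUIRED_SSH_SOURCES; do
        if ! printf '%s\n' "$ssh_accepts" | grep -qF -- "-s $src"; then
            echo "WARN: no ssh ACCEPT rule for $src"
            status=1
        fi
    done
    # 3. A port-22 ACCEPT rule without -s admits any source address.
    if printf '%s\n' "$ssh_accepts" | grep -v '^$' | grep -qv -- ' -s '; then
        echo "WARN: ssh ACCEPT rule without a source restriction"
        status=1
    fi
    return $status
}

# Constructed sample: one rule placed before the flush, one range commented out.
sample_rules() {
    cat <<'EOF'
IPTABLES="/sbin/iptables"
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -F
$IPTABLES -P INPUT DROP
$IPTABLES -A INPUT -p tcp --dport 22 -s 38.110.159.160/27 -j ACCEPT
#$IPTABLES -A INPUT -p tcp --dport 22 -s 38.126.104.128/25 -j ACCEPT
EOF
}

sample_rules | lint_iptables_start || true
```

The function returns non-zero when any check fails, so it can gate a deployment step before `sudo /etc/iptables.start` is run.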