Using the Aging Servers - Overview

Aging Servers

The NBER provides computing environment in which it hosts many sensitive data. The set of servers within this environment is informally known as the "Aging Computing Cluster." These are Linux based multi-user servers with varying CPU, and memory capacity. The current set of servers are named:
age1.nber.org ... age17.nber.org
agesas1.nber.org ... agesas3.nber.org (for sas only)

You can run Stata, R, python, SAS, Octave, C++, FORTRAN, Perl etc on these servers. MS Word, Excel compatible software is available via openoffice.org. Many text editors such as vi, emacs, gnome text editor, vscode are also available.

Evolving requirements from data providers such as the Centers for Medicare and Medicaid Services require the NBER to prevent any accidental export of sensitive data. The NBER has placed significant restrictions on how you can access the Aging servers. 

This means that you cannot directly ssh login to these servers(age1.nber.org ... age17.nber.org).  You must first use Remote Desktop connection to agerdp1.nber.org - a special server we have set up for RDP connections. We have deliberately set this RDP server to not allow computing jobs to be run on it, so, all its resources are dedicated for a smooth RDP experience. You must then open terminals within this RDP environment, and ssh to the servers for computing.

A quick start guide is given below, and there is a full explanation of the restrictions and reasoning behind them in the Aging Network Explanation section.

Quick Start Guide

  1. To connect to the Aging network, you will need to have the FortiClient VPN active for the duration of your connection. You can learn how to set that up here.
  2. Once your VPN is connected, you can connect to the Aging RDP-Server via Remote Desktop connection.

You are now in the Aging network! Your remote desktop will be your main workspace within the Aging network, so here are some resources to help you use it most effectively:

Aging Network Explanation

A Diagram showing the limitations of connections in the Aging network.

The restrictions surrounding the Aging Network are designed to ensure that no data can be improperly removed from the network. To do this we have blocked all entry and exit points besides RDP connections. This includes blocking secure copy (scp) into and out of the servers, as well as blocking copy-pasting data into or out of a Remote Desktop session. You can still bring files into the Aging Network, although the process is a little roundabout. You can also get files out of the Aging network, but to do this you must request a data extraction from NBER IT staff.

Here are some tips to make your RDP experience smoother:

  • RDP only to agerdp1.nber.org.  You only need one RDP session and need not RDP to other servers.
  • It helpful to only have 1 RDP session.  With multiple RDP sessions, there is a potential for your RDP sessions to get messed up and you might get the dreaded "blue or black" screen. In order for RDP to function, it needs to keep track of terminals and windows open on the Gnome Desktop. It stores certain files in your homedir under ~/.cache folder and a few other folders. It also creates folders such as the "Desktop", "Documents" as part of the Gnome environment. Please note that your homedir is the same across all the servers. If you have multiple RDP sessions, each has the potential to step on the other and corrupt certain settings.  It does not happen every time but there is a potential for it to happen.
  • Your own computer's Display Resolution matters.  You want to keep the resolution to no more than 1980x1020.  At higher resolutions, you will see lags when you drag your mouse over within the RDP environment.  You would also want to set your RDP display connection to "High Color 16bit" down from the default of "Highest Quality 32-bit."  Please see: https://www.nber.org/technology-support/connecting-server-remote-desktop
  • You can also create a ssh key and use Linux Desktop environment's ssh agent utility which the Linux Desktop environment starts under the RDP session. You can avoid having to type your credentials every time you ssh to a server. Here is how it works. The first time you ssh to a server from a terminal within this RDP session, you will be prompted for your credentials, but future ssh logins under this same RDP session will not require you to enter your credentials because the ssh agent will handle it.  It is important to note that this utility is contained within this environment and therefore still secure. The link Connecting to the Aging Servers via SSH under the "Quick Start" section describes how to do this.
  • You will also benefit if you edit your code on agerdp1 rather than logging on to the servers for computing and editing your code files there. Many users, use "stata" do file editors under the xstata GUI or Rstudio and edit their code. But because stata/xstata or Rstudio can be run only on servers for computing, the performance can be patchy and subject to the load on those servers especially when multiple computationally intensive jobs with large memory allocations are run or are started and collectively end up exhausting system resources. We will leverage our set up of not allowing computing jobs to run on agerdp1 to get a faster and more consistent experience when you edit your code on agerdp1. Note that the paths to your folders are the same across all the systems, including agerdp1. You can edit your code on agerdp1 and run those codes on a server for computing (ageX.nber.org).  Editors such as, vscode, sublime text, plain text editor, ViM, Emacs are all available under the Linux Desktop environment. The link Introduction to the Gnome Desktop gives the details.
  • From the command line on any server, including on agerdp1, use the command showload to determine which server to use to run your job. Also at https://my.nber.org/unix_user_resources .

 

For support, please email it-support@nber.org.