License Proxy - SSH Tunnel

A step-by-step guide for Rescale customers to setup a license proxy using SSH tunnel mode on Rescale admin page

SSH Tunnel Mode is used when a user opts to use their existing software licenses on Rescale’s platform by establishing an SSH tunnel. Rescale provisions an exclusive proxy server for that user and the proxy server forwards license polling requests from software on Rescale’s platform to a user’s local license server. This is the quickest method to setup a license proxy. It also provides free encryption service; all license requests are passed through an encrypted SSH tunnel. There will be a recurring monthly charge for the connectivity to the Rescale proxy server that has to be paid by the user

Here are the prerequisites to set up license proxy in SSH Tunnel mode:

  • The user should have an account on Rescale.
  • The user should be a company administrator (on Rescale). To become a company administrator, please email a request to support@rescale.com.
  • This setup is recommended to be done by a company IT/Network Engineer or a license server admin in the company having knowledge/authority to make changes on the gateway device/firewall rules if required.
  • The user should have admin privileges to the on-premises license server to debug any issues during the setup. Ideally, this is the IT admin of the company who manages the on-premises license server.
  • The license file must be a floating license, node-locked licenses cannot be used.
  • Hostname (Internal/Private) of on-premise license server machine hosting the licenses.
  • The user's computer should allow outbound ssh access on port 22 or know the additional ssh port incase if using a customized ssh port than the default ssh port (22).
  • List of software(s) and associated license and vendor port(s).
  • Ensure that the vendor port is fixed in license file before starting with the license proxy setup, for all the softwares using FlexLM and RLM license services (e.g ANSYS, STAR-CCM+,Converge, Comsol, etc.) How to Fix Vendor Port.
  • The user should have ssh-key pair (Public and private) generated and saved on the license server machine or the computer from which the SSH tunnel connection needs to be initiated to complete the license proxy setup
  • For Windows OS: The user should have the open source SSH bundle containing Plink, PuTTY, PuTTYgen and Pageant downloaded on the license server machine or the computer from which the SSH tunnel connection needs to be initiated to complete the license proxy setup. Here is link to download the SSH bundle link.

This section lists the steps on how to extract the port and hostname information required for the license proxy setup. These information can be extracted from the license file and the associated license logs on the on-premise license server machine hosting the licenses

Obtain Port (License and Vendor) Information

  • The port (license and the vendor) information can be obtained from the license file and the associated license logs

  • For both FlexLM and RLM there are 2 processes that handle license access: the License Server (lmgrd or rlm) and the Vendor Daemon

FlexLM (e.g ANSYS, STAR-CCM+, COMSOL etc.)

  • For applications using FlexLM license service (ansyslmd, cdlmd, etc.) , the license port can be found from the license file. Open the license file (e.g license.dat or license.lic) and look at the "SERVER" line for the license port that the license is being hosted on.

  • For the vendor port you can confirm this from the "VENDOR" line of the license file or from the license logs. For e.g, in case of "ANSYS" you can open the ansyslmd.log (on the on-premise license server machine hosting the licenses) file and look at the part of the log where it says something like:

00:00:00 (lmgrd) FlexNet Licensing (<license manager version>) started on <hostname>
00:00:00 (lmgrd) lmgrd tcp-port <license server port>
00:00:00 (lmgrd) Started <vendor daemon> (pid <pid>)
00:00:00 (lmgrd) <vendor daemon> using TCP-port <vendor port>

RLM (e.g Converge, MixIT etc.)

  • For applications using Reprise License Manager (RLM), the license port information can be obtained from the "HOST" line of the license file and the associated license log (from the on-premise license server machine hosting the licenses).

  • For the vendor port information you can confirm this from the "ISV" line of the license file or open the associated license logs. For e.g, in case of "Converge" you can open the converge.log (on the on-premise license server machine hosting the licenses) file and look at the part of log where it says something like this:

1/1 00:00 (rlm) License server started on <hostname>
1/1 00:00 (rlm) Using TCP/IP port <license server port>
1/1 00:00 (rlm) Starting ISV server <vendor daemon> on port <vendor port>

Some of the Examples of Default Port Numbers used for Softwares

FlexLM (Flexera License Manager)

  • ANSYS - ANSYS uses default license ports as 1055 and 2325 . You can confirm if the license port is indeed 1055 or some other port number from the "SERVER" line of the license file and vendor daemon port that can be set in the license file in the "VENDOR" line. You can choose any port that is available on your end and not being used by any other application and fix it in the license file.

  • STAR-CCM+ - STAR-CCM+ uses default port as 1999 . You can confirm if the license port is 1999 from the "SERVER" line of the license file and can choose any port for the vendor daemon port that is available on your end and not being used by any other application and fix it in the license file in the "VENDOR" line.

  • ABAQUS - ABAQUS uses default port 27000. You can confirm if the license port is 27000 from the "SERVER" line of the license file and can choose any port for the vendor daemon port that is available on your end and not being used by any other application and fix it in the license file in the "VENDOR" line.

  • COMSOL - COMSOL uses default port 1718. You can confirm if the license port is 1718 from the "SERVER" line of the license file and can choose any port for the vendor daemon port that is available on your end and not being used by any other application and fix it in the license file in the "VENDOR" line.

RLM (Reprise License Manager)

  • Converge - Converge uses default port 2765. You can confirm if the license port is 2765 from the "HOST" line of the license file and can choose any port for the vendor daemon port that is available on your end and not being used by any other application and fix it in the license file in the "ISV" line.

LSTC (Livermore Software Technologies)

  • LS-DYNA - LS-DYNA uses a single license port and does not use any vendor port. The default license port used by LS-DYNA is 31010. You can confirm this from the license file.
  • The vendor dameon port is by default a dynamic port that can change when the license server undergoes a restart as a result of re-installing a license or just simply routine server maintenance. Fixing the vendor port ensures that it does not change after the setup

  • To fix the vendor ports, follow the steps listed below:

  • Please note, Before making any changes to the vendor port(s), make sure you temporarily shutdown the on-premise license server machine or the license manager and make sure there are no running jobs making use of the licenses

For Windows Users
  • Open the license file in text editor with admin privileges. For instance,

My Computer > D:> Documents > license > license-file.txt

  • Now, once you locate your license file, right click and Run as administrator

  • If you do not get the option of opening the document with admin rights, please open Notepad with admin rights and open the license file in it

Notepad-administrator

FlexLM
  • For applications (e.g ANSYS, STAR-CCM+, COMSOL, ABAQUS etc.) using FlexLM license service, once you open the license file, you will see lines similar to the one below and if the vendor port is not fixed:

ANSYS:

SERVER Hostname xxxxxxxxxx 1055
VENDOR ansyslmd

STAR-CCM+:

SERVER Hostname xxxxxxxxxx 1999
VENDOR cdlmd

COMSOL:

SERVER Hostname xxxxxxxxxx 1718
VENDOR LMCOMSOL

ABAQUS:

SERVER Hostname xxxxxxxxxx 27000
VENDOR ABAQUSLM

Please add PORT = [your-vendor-port-number] in the VENDOR line of the license file

For example: If you choose the vendor port for ANSYS to be "27000" the license file should look like:

ANSYS:

SERVER hostname xxxxxxxxxx 1055
VENDOR ansyslmd PORT=27000

If you choose the vendor port for STAR-CCM+ to be "28000" the license file will look like:

STAR-CCM+:

SERVER hostname xxxxxxxxxxx 1999
VENDOR cdlmd PORT=28000

RLM
  • For applications (e.g Converge, MixIT etc.) using RLM license service, once you open the license file you will see lines similar to the one below and if the vendor port is not fixed:

Converge:

HOST Hostname xxxxxxxxxx 2765
ISV csci

MixIT:

HOST Hostname xxxxxxxxxx 28709
ISV tridiagsol

Please add PORT = [your-vendor-port-number] in the ISV line of the license file

For example: If you choose the vendor port for Converge to be "2760" the license file should look like:

Converge:

HOST Hostname xxxxxxxxxx 2765
ISV csci PORT=2760

If you choose the vendor port for MixIT to be "29000" the license file should look like:

MixIT:

HOST Hostname xxxxxxxxxx 28709
ISV tridiagsol PORT=29000

  • Once the vendor port is fixed in the license file, Save and close the license file
  • Verify that the vendor port is fixed by re-opening the file
  • Once, you verify the vendor port was fixed, restart the license server or the license manager
  • Check the license log file to see if the vendor port is the one you fixed in the license file. For e.g , in case of ANSYS or STAR-CCM+ you can check ansyslmd.log or cdlmd.log file for the logs to verify the changes.

Note:

  • It is recommended that you choose a vendor port that is easy to remember (any number ending with 0s). For e.g, you can choose to fix the vendor port to 27000 or 28000 etc. If this vendor port number that you choose to fix is open on your firewall/gateway and not being used by any other software application.
  • If you have more than 1 license file, you should fix the vendor port in all the license files. Otherwise, you will get an error when you restart the license server. You need to fix the vendor port in all the license files that are associated with the server.
For Linux Users
  • Open Terminal

  • Locate your license file where it is saved. For instance:

cd Documents/license/license-file.txt

  • Open the license file in a text editor with admin privileges. For example, if you are using Vim text editor, type vim [name-of-your-license-file], otherwise use appropriate command to open the license file as per the available text editor you have
FlexLM
  • For applications(e.g ANSYS, STAR-CCM+) using FlexLM license service, once you open the license file,
  • For e.g, in case of ANSYS and STAR-CCM+ you will see lines similar to the one below when you open the license file and if the vendor port is not fixed:

ANSYS:

SERVER hostname xxxxxxxxxx 1055
VENDOR ansyslmd

STAR-CCM+:

SERVER hostname xxxxxxxxxx 1999
VENDOR cdlmd

COMSOL:

SERVER Hostname xxxxxxxxxx 1718
VENDOR LMCOMSOL

ABAQUS:

SERVER Hostname xxxxxxxxxx 27000
VENDOR ABAQUSLM

Please add PORT = [your-vendor-port-number] in the SERVER line of the license file

For example: If you choose the vendor port for ANSYS to fix be "27000" the license file should look like:

ANSYS:

SERVER hostname xxxxxxxxxx 1055
VENDOR ansyslmd PORT=27000

If you choose the vendor port for STAR-CCM+ to be "28000" the license file will look like:

STAR-CCM+:

SERVER hostname xxxxxxxxxxx 1999
VENDOR cdlmd PORT=28000

RLM
  • For applications (e.g Converge, MixIT etc.) using RLM license service, once you open the license file you will see lines similar to the one below and if the vendor port is not fixed:

Converge:

HOST Hostname xxxxxxxxxx 2765
ISV csci

MixIT:

HOST Hostname xxxxxxxxxx 28709
ISV tridiagsol

Please add PORT = [your-vendor-port-number] in the ISV line of the license file

For example: If you choose the vendor port for Converge to be "2760" the license file should look like:

Converge:

HOST Hostname xxxxxxxxxx 2765
ISV csci PORT=2760

If you choose the vendor port for MixIT to be "29000" the license file should look like:

MixIT:

HOST Hostname xxxxxxxxxx 28709
ISV tridiagsol PORT=29000

  • Once the vendor port is fixed in the license file, Save and close the license file
  • Verify that the vendor port is fixed by re-opening the file
  • Once, you verify the vendor port was fixed, restart the license server or the license manager
  • Check the license log file to see if the vendor port is the one you fixed in the license file. For e.g , in case of ANSYS or STAR-CCM+ you can check ansyslmd.log or cdlmd.log file for the logs to verify the changes.

Note:

  • It is recommended that you choose a vendor port that is easy to remember (any number ending with 0s). For e.g, you can choose to fix the vendor port to 27000 or 28000 etc. If this vendor port number that you choose to fix is open on your firewall/gateway and not being used by any other software application.
  • If you have more than 1 license file, you should fix the vendor port in all the license files. Otherwise, you will get an error when you restart the license server. You need to fix the vendor port in all the license files that are associated with the server.

This section lists the steps to setup a license proxy on the Rescale admin page. The license proxy setup on the Company Administration Page can be accessed at license proxy page.

  • Navigate to the Rescale Administrator page from your accounts to start the setup of license proxy
  • Navigate to Integrations >> License Proxies
  • Select Add New
  • The page will look similar to the screenshot below:

SSH-Tunnel-Proxy

  • Give a Unique Name for the license proxy
  • Select SSH Tunnel as the "License Proxy Mode"
  • Paste the public SSH keys for authorized connection to the license proxy server in the "SSH Settings" section. This is a key pair that is generated on the machine (License server) used to initiate the SSH tunnel. This is a required field to be able to launch the license proxy in SSH tunnel mode. If you are unsure on how to do this, please check out this page on SSH Keys How to Generate SSH Key pair
  • You can also specify an additional SSH port if incase if using a customized ssh port than the default ssh port (22) using the Specify an additional SSH port option in the bottom right corner below the SSH key field in the SSH keys section. For e.g if you are using 443 as the SSH port, you can select Specify an additional SSH port option and add 443 as shown below:

Advanced-Settings

  • Add an allowed IP in the "Allowed IP (or CIDR range) field Rule . This is the public IP of your on-premise network to allow SSH access. These are the CIDR rules for SSH access to the license proxy server

Here is how you can find the public IP of your on-premise network:

  • For Linux/Mac OS : Open terminal and type curl ifconfig.me. This will give the public IP of your network.

  • For Windows OS : Open command prompt window and type ipconfig . This will give the public IP of your network.

  • You can also find the public IP by opening a web browser (Google Chrome or Internet Explorer) and searching for "my IP"

  • Copy and paste the IP address that you obtain when you search in the web browser (e.g if you get 100.24.32.20 when you search for "my IP") , add this IP in the "Allowed IP" field and add a description (e.g "Office IP") that you want to describe it as.

The CIDR rule is required because this will enable the SSH tunnel execution from that location to the Rescale proxy. Every user in the company will be able to use Rescale and submit jobs as long as this tunnel connection is UP, regardless of the physical location. If the license server(s) are in the same network, then there has to be a public IP of that physical location added in the Access Rules.

  • If you want to add multiple IPs in the "Allowed IP" field, click on "Allow another IP/CIDR" button.

  • Now, add the the license port information in the "License Hosts" section.

  • Enter the resolvable Hostname of your on-premise license server machine. This is the internal/private hostname of the on-premise license server machine that hosts the software application licenses. The hostname can be obtained from the license file.

  • Here is how to find the hostname of the license server machine:

    • FLEXLM - For all the software applications that use FLEXLM (Flexera) type of license service such as, ANSYS, STAR-CCM+, ABAQUS, COMSOL etc., you can find the hostname from the "SERVER" line of the license file. For e.g in case of ANSYS, you will see lines similar to this in the license file: "SERVER HOSTNAME xxxxxxxx 1055"

    • RLM - For all the software applications using Reprise License Manager (RLM) type of license service such as, Converge, MixIT etc., you can find the hostname from the "HOST" line of the license file. For e.g in case of Converge, you will see lines similar to this in the license file: "HOST HOSTNAME xxxxxxxx 2765"

  • Select the software that you want to configure the license proxy for from the "Software(s) dropdown. Please choose all the softwares that you want to configure in the software section. For example if you are using COMSOL Multiphysics in batch as well as COMSOL Multiphysics GUI in a Rescale Desktop, then you should choose both COMSOL Multiphysics as well as COMSOL Multiphysics GUI in the software entry.

  • Set the License Port. This port is the port that the job refers to while checking out license. This is the license port that is being used by the application on-premise on your license server machine.

  • Enter the Vendor Port . This is the vendor daemon port that is being used by this software application.

    • This port is required for applications using FlexLM or RLM type of license service such as ANSYS, STAR-CCM+, ABAQUS, COMSOL etc.

Obtain Port (License and Vendor) Information

  • The port (license and the vendor) information can be obtained from the license file and the associated license logs

  • For both FlexLM and RLM there are 2 processes that handle license access: the License Server (lmgrd or rlm) and the Vendor Daemon

FlexLM (e.g ANSYS, STAR-CCM+, COMSOL etc.)

  • For applications using FlexLM license service (ansyslmd, cdlmd, etc.) , the license port can be found from the license file. Open the license file (e.g license.dat or license.lic) and look at the "SERVER" line for the license port that the license is being hosted on.
  • For the vendor port you can confirm this from the "VENDOR" line of the license file or from the license logs. For e.g, in case of "ANSYS" you can open the ansyslmd.log (on the on-premise license server machine hosting the licenses) file and look at the part of the log where it says something like:
00:00:00 (lmgrd) FlexNet Licensing (<license manager version>) started on <hostname>
00:00:00 (lmgrd) lmgrd tcp-port <license server port>
00:00:00 (lmgrd) Started <vendor daemon> (pid <pid>)
00:00:00 (lmgrd) <vendor daemon> using TCP-port <vendor port>

RLM (e.g Converge, MixIT etc.)

  • For applications using Reprise License Manager (RLM), the license port information can be obtained from the "HOST" line of the license file and the associated license log (from the on-premise license server machine hosting the licenses).
  • For the vendor port information you can confirm this from the "ISV" line of the license file or open the associated license logs. For e.g, in case of "Converge" you can open the converge.log (on the on-premise license server machine hosting the licenses) file and look at the part of log where it says something like this:
1/1 00:00 (rlm) License server started on <hostname>
1/1 00:00 (rlm) Using TCP/IP port <license server port>
1/1 00:00 (rlm) Starting ISV server <vendor daemon> on port <vendor port>

Some of the Examples of Default Port Numbers used for Softwares

FLEXLM (Flexera License Manager)

  • ANSYS - ANSYS uses default license ports as 1055 and 2325 . You can confirm if the license port is indeed 1055 or some other port number from the "SERVER" line of the license file and vendor daemon port that can be set in the license file in the "VENDOR" line. You can choose any port that is available on your end and not being used by any other application and fix it in the license file.

  • STAR-CCM+ - STAR-CCM+ uses default port as 1999 . You can confirm if the license port is 1999 from the "SERVER" line of the license file and can choose any port for the vendor daemon port that is available on your end and not being used by any other application and fix it in the license file in the "VENDOR" line.

  • ABAQUS - ABAQUS uses default port 27000. You can confirm if the license port is 27000 from the "SERVER" line of the license file and can choose any port for the vendor daemon port that is available on your end and not being used by any other application and fix it in the license file in the "VENDOR" line.

  • COMSOL - COMSOL uses default port 1718. You can confirm if the license port is 1718 from the "SERVER" line of the license file and can choose any port for the vendor daemon port that is available on your end and not being used by any other application and fix it in the license file in the "VENDOR" line.

RLM (Reprise License Manager)

  • Converge - Converge uses default port 2765. You can confirm if the license port is 2765 from the "HOST" line of the license file and can choose any port for the vendor daemon port that is available on your end and not being used by any other application and fix it in the license file in the "ISV" line.

LSTC (Livermore Software Technologies)

  • LS-DYNA - LS-DYNA uses a single license port and does not use any vendor port. The default license port used by LS-DYNA is 31010. You can confirm this from the license file.

  • For application such as LS-DYNA that uses LSTC or Dynamore license service, the vendor port is not required and the "Vendor port" field can be left blank for LS-DYNA or any software that does not use a vendor daemon port.

Advanced Settings

  • You can also use the small "Toggle Icon" on the bottom right corner in license hosts section for advanced settings as shown below:

Advanced-Settings

  • This setting can be used when you have multiple software applications being hosted on different machines on-premise but using the same port. In such case you can choose a different or unique "Proxy" port to map to each different on-premise machine for those applications and choose those softwares from the list of softwares

Specify Additional Ports

  • This option can also be used if the application is using single license port but multiple vendor port (For e.g PowerFLOW) or multiple license port (For e.g ANSYS). You can choose "+ Specify an additional license port" option and add the multiple vendor ports or license port for the software as shown below:

Additional-Ports

Specify Another License Service

  • If you have multiple license services being hosted on a single host, and if you want to connect additional license services to same host, then you can choose the "+ Specify another license service" option as shown below and add the required port information for the same:

Specify-license-services

Connect this Proxy to another License Host

  • If you want to connect additional applications that are being hosted on-premise on a different license server which has a different hostname and IP, you can choose the "+Connect this proxy to another on-premise license host" option as shown below:

Launch

  • Once you are done with configuring all the details you can click on the Launch License Proxy button at the bottom of the license proxy page.

  • The port information for the software you are using can be obtained from your license file (FlexLM or RLM)

  • After making the above mentioned changes, click on the Launch License Proxy button

  • You will now see a screen with status like the one below:

Launch-Status

  • Once the proxy is launched, you will see a Status and Info section at the top of the license proxy page. The Status section indicates :
  • Proxy: If the license proxy launch was successful or not. If that status shows as UP in "Green" that indicates that the proxy was launched properly.
  • Last Sync: If the last changes that you saved were successfully saved or not. If that status shows as SUCCESSFUL in "Green" that indicates that the last sync was successfull.
  • Connections: If there are acitve connections listening on that IP and port, this will show as ACTIVE in Green.

Note: If you see any of the Status in the status section in Yellow or Red that indicates that either the last sync was not successful or there are no active connections for the proxy. In such cases, please reach out to support@rescale.com

  • Info - In this section you will see the public IP of the license proxy.

Once the license proxy is launched here are the steps to initiate the SSH tunnel connection:


For Windows Users

It is recommended to create a dedicated folder and save all the files from the steps below (SSH bundle, SSH tunnel script and the SSH key-pair) in a single folder

Download the SSH Batch Script

  • Download Batch Script from the Setup section as shown below:

Windows-Batch-Script

  • You can also copy the "Batch Script" from the small clipboard icon on the bottom right corner in the "windows" batch script section.

Download SSH Bundle

Make sure that you have the open-source SSH bundle downloaded from the link containing the following:

  • Plink - to be used to run the executable
  • PuTTY - to be used as SSH terminal
  • PuTTYgen - to generate the (private/public) key pair
  • Pageant - to enable private key for connection

Directory Files

Make sure you have moved all of the files from download folder to a specified location

Example: My Computer > C:> Documents > Rescale tunnel

Generate (private/public) Key Pair using puTTYgen

To generate the private/public key pair, follow the steps as mentioned below:

  • Open puTTYgen, generate the private/public key pair and save it to same folder where all the files were saved in the previous step

See screenshot below to generate the key pair:

puttygen-keypair

  • It is recommended to use SSH-2 RSA keys for the license proxy setup

  • Copy the public SSH key directly from the PuTTY screen and paste it in the "SSH key" section on the license proxy page. Make sure you copy the complete key and are not missing any characters at the end.

  • Do not save the public SSH keys in a notepad and copy, because when you save your public SSH keys in notepad and then copy the ssh keys the keys are incomplete and are missing the end part of your public SSH keys. This will throw an "Authentication Error" when you initiate the SSH tunnel connection.

Import Keys into Pageant

To import keys into Pageant follow the steps mentioned below:

  • Open pageant.exe to launch the key manager, it might launch in the Windows taskbar
  • Look for the pageant.exe icon in the taskbar, right click on it and select Add Key

pageant-addkey

  • Select the private key that you generated in the above step to import it into pageant and click Open

pageant

  • Once you have all the files in a single folder from the steps above, open command prompt window

  • Add your private keys in "Pageant"

  • Copy the "Batch Script" from the Setup section of the license proxy page or open the downloaded "Batch Script" file and copy the batch script starting "plink.exe..." until the very end where it says "-v -N"

  • For e.g plink.exe -ssh username@license-proxy-name.tunnel.rescale.com -R 1055:on-prem-license-server-1:1055 -R 2325:on-prem-license-server-2:2325 -R 49281:on-prem-license-server-3:49281 -v -N

  • Navigate to the folder you have saved all the files from the steps above

  • Paste the "Batch Script" in the command prompt window

  • If everything is configured correctly as per the steps above, you should now see an output similar to the following in the command prompt window:

Looking up host "<company>.tunnel.rescale.com"
...
Authenticating with public key "<key>" from agent Sending Pageant's response
Access granted
Requesting remote port 27000 forward to my-server:27000
Requesting remote port 28000 forward to my-server:28000
Remote debug message: Forwarding listen address "localhost" overridden by server GatewayPorts Remote port forwarding from 27000 enabled
Remote debug message: Forwarding listen address "localhost" overridden by server
GatewayPorts
Remote port forwarding from 28000 enabled

Please note:

  • The SSH Batch Script should be running throughout while there are jobs running on Rescale or on-premise using the license proxy. If the SSH tunnel is killed or stopped for any reason while there were acitve jobs in flight the jobs will fail to checkout license.
  • It is recommended to run the SSH tunnel script from a license server machine or a computer with high uptime and not a laptop.


For Linux Users

Download the SSH Shell Script

  • Download Shell Script from the Setup section as shown below:

Linux-Shell-Script

Generate a New SSH Key

On Mac OSX and Linux, SSH key generation utilities can be run from the command line of a terminal.

  • To open the Mac OSX Terminal, open the Finder and choose Utilities from the Go menu.

  • Find the Terminal application in the Utilities window and double-click it.

  • The Terminal window opens with the command line prompt displaying the name of your machine and your username

  • First check for existing keys on your computer. From the command line of the terminal type:

$ ls -al ~/.ssh

This lists the files in your .ssh directory, however, if you have a new Mac OSX or Linux installation, the .ssh directory may not yet exist

The default public key file names are:

  • id_dsa.pub
  • id_ecdsa.pub
  • id_ed25519.pub
  • id_rsa.pub

By default, keys for all identities are added to the directory:

  • /Users/_yourname_/.ssh on Mac OSX
  • /home/_yourname_/.ssh on Linux

If you wish to use an existing key file for your Rescale account, you can do the following:

  • cat the public ssh keys by: $ cat ~/.ssh/id_rsa.pub
  • Copy the public SSH keys and paste it in the SSH keys section on the license proxy page and click on "Save Changes" button at the bottom of the license proxy page
  • Open "Shell Script" downloaded from the previous step and copy everything starting from "ssh..." until "-v -N &" and paste in the terminal:

(E.g ssh username@license-proxy-name.tunnel.rescale.com -R 1055:on-prem-license-server-1:1055 -R 2325:on-prem-license-server-2:2325 -R 49281:on-prem-license-server-3:49281 -R -v -N &)

  • This will establish the ssh tunnel connection between the license server machine and the Rescale license proxy

If you have an existing identity (public/private key pair) in this directory that you want to use on Rescale, skip this step.

How to Create a New Default Identity

  1. Open a terminal session on your local system
  2. Enter ssh-keygen in the command line terminal window
  3. The command prompts you for a file to save the key in. If the .ssh directory doesn't exist, the system creates one for you
  4. Accept the default location

The ssh-keygen command creates your default identity with its public and private keys. The whole interaction will look like this:

[mairi@centos ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mairi/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mairi/.ssh/id_rsa.
Your public key has been saved in /home/mairi/.ssh/id_rsa.pub.
The key fingerprint is:
ed:88:95:91:38:e4:5e:ff:d6:73:70:f7:43:3e:f6:3b mairi@centos
The key's randomart image is:
+--[ RSA 2048]----+
|      .          |
|     o . .       |
|      + +        |
|     . o =       |
|      . S o   ..o|
|       o o . .ooo|
|      . . . o o=o|
|           .  .E+|
|               .+|
+-----------------+
  • You can, of course, save your new key pair to an alternative, i.e. non-default, location in your file system if you wish. By default, ssh-keygen generates 2048-bit RSA keys

  • ssh-keygen generates a public key and a private key. If not specified, the default public key will be saved as id_rsa.pub and the private key as id_rsa in your ~/ssh folder. Ensure that the ~/ssh is only accessible by you by setting the proper permissions to that folder:

chmod 700 ~/.ssh

  • cat the public ssh keys. For example if your pulic ssh keys are in default path "~/.ssh/id_rsa.pub" then: $ cat ~/.ssh/id_rsa.pub
  • Copy the public SSH keys and paste it in the SSH keys section on the license proxy page and click on "Save Changes" button at the bottom of the license proxy page
  • Open "Shell Script" downloaded from the previous step and copy everything starting from "ssh..." until "-v -N &" and paste in the terminal:

(E.g ssh username@license-proxy-name.tunnel.rescale.com -R 1055:on-prem-license-server-1:1055 -R 2325:on-prem-license-server-2:2325 -R 49281:on-prem-license-server-3:49281 -R -v -N &)

  • This will establish the ssh tunnel connection between the license server machine and the Rescale license proxy

To test your connection and verify if the settings made were properly configured:

  1. Click on the "Check License Availability" button in the "License Hosts" section on the company license proxy page and that should give you all the license features along with the number of license seats you have available.

Check-License-Availability

Please note the "Check License Availability" currently only displays the status for applications using FlexLM and Dynamore (LSTC) type of license services such as, ANSYS, STAR-CCM+, ABAQUS (Flex), LS-DYNA. If you have an RLM license software configured (such as Converge, MixIT etc.) or DSLS type of license service, the "Check License Availability" will not display any information.

  • For FlexLM or RLM type of license service if the "Check License Availability" shows as "The license server is down or not responding", this means:
    • The SSH tunnel connection is not configured correctly and the ssh tunnel is not UP and running
    • The on-premise license server is not active or there is no active license process currently being served on your on-premise license server. Please check with your IT/Network or the license server admin team to check for the firewall settings or the license server status.
    • No license is being served on the on-premise license server machine
  1. Submit a dummy job by logging into your Rescale account
  • Create a new job by clicking the +New job button in the top left of the page. Select the Software you want in the software section and select Use Existing License option as shown below:

License-Settings

  • In the appropriate field type in port@hostname . For example if you have configured ANSYS software on the license proxy and your license port is 1055, then enter 1055@hostname then click "Check availability" button. The license prompt will provide you with immediate feedback for whether the license server address specified in the license settings is reachable from the Rescale platform by clicking the ”Check Availability” button. It will also display all the license features and the associated license seats available for your licenses.

If you see the tunnel status to be in Yellow saying No active connection, that means the SSH tunnel is not up and running it can be because of the following reasons:

Tunnel-status

  • On-premises workstation got restarted where the tunnel is running from
  • Pageant is not loaded with the private keys while running the ssh tunnel script
  • Private keys are deleted
  • The "Allowed IP or CIDR range" is not correct
  • License server is put down for any reason
  • The license service (i.e lmgrd or rlm) has exited
  • The licenses have expired
  • The Vendor port changed for some reason (probably because it was not fixed in the license file)

Authentication Error/Public Key Denied

I am unable to establish SSH tunnel connection from my Windows computer. I get Authentication error or public key denied. What does this mean?

  • This can be because of a few reasons:
  1. Either your private SSH keys are not added into pageant while you run the SSH Batch script.

  2. The public SSH keys that you pasted in the "SSH keys" section on the license proxy page is incomplete or missing some portion from the end of the key (mostly when you copy the public ssh keys from notepad and not PuTTyGen directly)

  3. The private key type (.ppk) is not supported by windows for authentication. In this case please convert your private ssh keys that is in .ppk format into .pem format using PuTTYgen. - Here is how you can do this: - Start PuTTYgen. - From Actions, choose Load, and then navigate to your .ppk file For e.g if your private key name is "private_key.ppk" choose that key. - Choose the .ppk file, and then choose Open. - From the menu at the top of the PuTTY Key Generator, choose Conversions, Export OpenSSH Key.

Note: If you didn't enter a passphrase, you receive a PuTTYgen warning. Choose "Yes", name the file and add the .pem extension and choose "Save" and try re-initiating the SSH tunnel connection witht the new .pem private keys added in pageant.

License Server UP Vendor Daemon Down

When I use the "Check License Availability" option on the license proxy page or from the license settings section when I setup a job it says "License server UP, Vendor "Down". What does this mean?

  • This can be because of a few reasons:
  1. Either your licenses expired. You can check the license file on your on-premise license server machine and check the expiry date to confirm. If the licenses have expired, get a new license from the ISV and have the license server admin install it on the on-premise license server machine.

  2. The vendor port configured on Rescale while establishing the SSH tunnel connection has changed to a different port. This is mainly because the vendor port was not fixed in the license file and the on-premise license server got restarted for some reason. To fix this issue please fix the vendor port How to Fix Vendor Port, re-download the SSH tunnel script (Batch script or Shell Script) based on your operating system and re-initiate the SSH tunnel connection

Connection Reset by Peer/Connection Refused/Connection Timed Out Error

If you encounter a “Connection Reset By Peer”/”Connection Refused”/ “Connection Timed Out error”, this is probably because there is a firewall in place that is causing the connection to fail.

  • In such cases please use the following steps:

    • Confirm that the network that you are using allows SSH port connectivity
    • Verify the firewall rules, if any.
    • Please ensure that the SSH port is not being blocked.
    • Also make sure that you have the correct CIDR rule in place on the license proxy settings page in the "Allowed IP or CIDR range" section. You can add a wide/open range such as "0.0.0.0/0" while you are initiating the tunnel to see if CIDR range is an issue. If the connection is successful after you add the open rule (0.0.0.0/0) that means the CIDR range that you entered on the license proxy page is not correct. Please replace the CIDR range with the correct IP.

The license server is down or not responding

When I use the "Check License Availability" option on the license proxy page or from the license settings section when I setup a job it says "license server is down or not responding". What does this mean?

  • This means:
  1. Either your SSH tunnel is not connected properly
  2. On-premise license server machine or license service process is not acitve or running
  3. No licenses are being served on-premise on the license server machine
  4. The license service software that you are trying to query the licenses for, does not support the "Check License Availability" feature. This is either RLM or DSLS.
  5. There is no license proxy setup in your company account and you only have a VPN tunnel setup with Rescale to run jobs.

In such case, please contact your IT/Network team or the license servere admin to confirm and try re-initiating the tunnel connection once the license server is UP and running.