Remote CONN projects

If your CONN projects/studies are stored in an SSH-accessible computer (e.g. projects stored in your institution's cloud-based computational environment, or in your own lab's server), CONN can access and work with them remotely (e.g. from home or your office) without the need for any additional or specialized software such as VNC, OnDemand, Remote Desktop, etc.

Example of use

To access remote projects from CONN's graphical interface simply select the 'Connect to remote projects' option in the Projects menu:

After entering your server address and credentials CONN establishes a Secure Shell connection with the server, allowing you to seamlessly open in CONN any projects stored there and further process or analyze your data remotely. While working remotely, the CONN gui will behave as if you were working on the server computer directly (but if needed, you may use the menu 'Tools. Remote options. Copy/Transfer files' to transfer files between your local computer and the server). When finished working remotely, select the option 'Project. Disconnect from remote' to disconnect from the server.

To configure CONN to access remote projects follow the steps described in the sections below.

Basic configuration settings for remote connections

In the "client" computer

The "client" computer is the computer where we would like to work from (e.g. your home or office computer).

To configure this computer to be able to access remote servers, launch CONN and select the 'Tools. Remote Options. Configuration' menu. In the top-half options, under the "when this computer is client" header, mark the checkbox 'Connect using SSH'. By default CONN will use your OS ssh/scp commands for SSH communications (these programs are installed by default as part of your Operating System in most Linux/Mac/Windows computers). If you want your computer to use a different OpenSSH-compatible SSH client software enter the name/location/options of the corresponding remote-access and remote-transfer software below. Last, click 'Save' to save these settings.

note: you may also use the ssh/scp command fields to specify advanced SSH/SCP options. For example, in the 'local command for logging' field you may enter "ssh -i identity_file" instead of "ssh" to specify that SSH should use a private key file instead of a password for authentication, or use the syntax "ssh -p 26" to specify that SSH should connect to a non-default SSH port number, etc.

In the "server" computer

The "server" computer is the computer or network where our CONN project is going to be stored, and that we would like to access remotely (e.g. your institution's computing environment, or your own server computer). This computer needs to have an OpenSSH-compatible SSH server/daemon running (most institutions or cloud-based computational environments will have ssh/scp servers installed by default and accessible externally from a common login node, consult with your institution IT for details; alternatively see openssh.com for details on how to install and configure a SSH server).

To configure this computer to allow access from remote clients to its CONN projects, launch CONN from this computer and select the 'Tools. Remote Options. Configuration' menu. In the bottom-half options, under the "when this computer is server" header, mark the checkbox 'Connect using SSH'. If this computer is part of a larger computer cluster select your cluster configuration profiles (e.g. GridEngine, Slurm, PBS, LSF, HTCondor), otherwise select 'distributed processing (run on background process, Unix/Mac). Last, click 'Save' to save these settings. If the server computer can be accessed by multiple users, each user may define their own access options/settings accordingly.

Alternatively, you may also use the syntax "conn remotely setup" to manually configure the server computer (see help conn_remotely for details)

Under the hood: default communication protocol

When initiating a connection with a remote server following the instructions above, the client computer will use a ssh command to connect to the host computer (Step 1). It will then use this shell and the cluster profile options selected in this host computer (e.g. a Background process or a Slurm job submission) to automatically launch a new Matlab session in a server computer (Step 2; the server may be the same computer as the host or a different computer within the same network, depending on the cluster profile selected) which will in turn wait for the client's connection. Once the connection is established and a secure tunnel is created (Step 3), the host computer will no longer be used, only acting as a gateway for TCP/SSH communications between the client and the server computers. The server computer will wait for instructions from the client, while the client runs CONN normally (typically for anything that relates to GUI-interaction), querying the server when needed (e.g. when needing to load data from remote files), or requesting the server to run longer or more complex steps when appropriate (e.g. when preprocessing the data or running any analysis step that requires significant interaction with the data). When the CONN GUI is closed in the client computer, the server Matlab session will exit and the SSH tunnel will be closed.

Alternative protocol within trusted networks only

Using Secure Shell allows you to create a secure and confidential communication channel between your computer and the server where your CONN projects are stored. Alternatively, if the server computer is not SSH-accessible (e.g. another computer in your home/office local network without a SSH server installed), the following procedure allows you to manually connect to a remote server over a standard/unsecured TCP communication channel. Note that this alternative procedure will skip SSH entirely, so in this case your communication data will not be tunneled nor encrypted. This is only recommended for communications within a local/trusted network, and it is strongly discouraged otherwise, as the confidentiality and integrity of the data transferred between the client and server computers cannot be guaranteed, posing a serious security vulnerability in any untrusted environment (e.g. other users within your local network may read/alter your communications and gain access to your data).

To manually connect to a remote server over TCP/IP you may follow these steps:

Step 1: start CONN in the server computer and select the 'Tools. Remote Options. Configuration' menu. In the bottom-half options, under the "when this computer is server" header, unmark the checkbox 'Connect using SSH' and click on 'Manually start CONN server now'. Then enter a TCP port number and a one-time-use password for this server (note: if the server computer does not have any graphics hardware you may also use the syntax "conn remotely start server" to manually start a CONN server; see help conn_remotely for details)

Step 2: start CONN in the client computer and select the 'Tools. Remote Options. Configuration' menu. In the top-half options, under the "when this computer is client" header, unmark the checkbox 'Connect using SSH' and click on 'Manually connect to CONN server now'. Then enter the IP address of your server computer, and the same port number and password as in Step 1 above.

When finished working remotely, select the option 'Project. Disconnect from remote' in the client to disconnect from the server.