Home
VOV Subsystem Administrator Guide
This manual provides information about managing a VOV project, including starting the server and connecting computing resources such as computers and licenses.
IT Administrator Topics
Using PAM (Pluggable Authentication Modules) for Browser Authentication

Welcome
What's New
View new features for VOV Subsystem 2025.1.2.
Overview
Discover the workspace, licensing and installation, and training.
VOV Subsystem Tutorials
Discover VOV Subsystem functionality with interactive tutorials.
VOV Subsystem Administrator Guide
This manual provides information about managing a VOV project, including starting the server and connecting computing resources such as computers and licenses.
- Client/Server Architecture
  All of Altair Accelerator's products are based on a client/server architecture to support concurrent activities, team coordination, distributed data management, and distributed processing. The program vovserver runs in the background as a service to implement the main product features. It is the server.
- VOV Projects
  A "project" is a named collection of jobs, together with all the files that are used and produced by those jobs. The contents of VOV projects can be custom organized.
- VOV Registry
  The VOV Registry contains the list of all projects known to an installation of Altair Accelerator software. The registry is used by the vovproject command, and stores metadata such as the host machine and port number of a project.
- Get Started
- Start and Configure the Server
- Connect to a Project
- Stop the Server
- Recovery and Redundancy
- Files, Equivalences, Exclusions
  The files used in a project reside in one or more directories spread all around your filesystems. Each logical name defined in the equiv.tcl file implicitly declares the root of a workspace. You can browse the workspaces using the browser interface.
- Taskers
  A tasker is a VOV client that provides computing resources, specifically CPU cycles, to the vovserver.
- Tasker Policies
- Interfaces to Accelerator, SGE, LSF, and Others
  FlowTracer can be used also as a front end to an existing batch processing system (BPS), for example, Accelerator, LSF, SGE, SGEEE, etc.
- Advanced Tasker Topics
- Resource Management
  Altair Accelerator includes a subsystem for managing computing resources. This allows the design team to factor in various constraints regarding hardware and software resources, as well as site policy constraints.
- IT Administrator Topics
  - SSH Setup
    If you use SSH to login onto certain machines in your LAN that you want to use as taskers, you need to setup SSH so that it will not ask for your password.
  - Network Conditioning
    Each computer has its own clock. Clocks on different computers in the same network might not be synchronized. The system administrator should keep all clocks in the network synchronized.
  - File System Offsets
    The file system that contains the design files may reside on a machine that is not the same as the one where the vovserver is running. The clocks in the two machines may be different, resulting in an offset. These offsets can be easily avoided. Here we show what can be done to work with an unsynchronized network.
  - NFS and VOV
    Before you can use NFS, be it as server or client, you must make sure your kernel has NFS support compiled in.
  - Network Overhead
    VOV lets you distribute computation across the network without adding significant overhead. In some cases, it pays to be careful about the distribution of data and computation.
  - Using PAM (Pluggable Authentication Modules) for Browser Authentication
  - Attribute Value Stream (AVS) File Syntax
    Attribute Value Stream (AVS) is a file format and data interchange format that uses human-readable text to describe nested objects and arrays of objects. This file format is similar to JSON (Javascript Object Notation).
  - Known Issues
  - Health Monitoring and vovnotifyd
  - Limits for Objects and Strings
  - VovScope
    VovScope is a vovserver performance logging mode. When enabled, logging is activated for certain classes of vovserver activity including system calls and network communication to clients.
VOV Subsystem Reference Guide
EDA Tool Integration Guide
This document is a collection of techniques that have proven to be useful when applying FlowTracer in Electronic Design Automation.

View All Altair Accelerator Help

Using PAM (Pluggable Authentication Modules) for Browser Authentication

Login using Web Browsers

For CLI and GUI commands, the user is already authenticated by the operating system login, and VOV programs are run as the logged-in user.

The vovserver program natively supports HTTP for VOV's browser-based user interface. When a browser connects to the vovserver, the user may wish to authenticate as one other than the user running the browser program on the remote host. Also, remote users can have complete administrative control of the host where the browser runs, and be spoofing another user's login name. Hence, VOV asks for a username and password, and uses these to authenticate the user on the host where the vovserver runs.

Once a user has authenticated with a given login name, their VOV privilege level with respect to VOV operations is determined by the security.tcl configuration file for that vovserver. Please refer to VOV Security.

Authentication Mechanisms

The vovserver is a PAM-aware application: its authentication may be changed without recompiling the program. On Linux and MacOS-X, the vovserver uses vovpamauth which in turn uses PAM to authenticate users.

On other platforms, vovserver uses the regular crypt() method to accept the provided password.

Authentication Control

To enable or disable PAM, you can do so with the variable config(enablePam) in the policy.tcl file.

# force PAM to be used when available
set config(enablePam) 1

Alternatively, you can control the use of PAM with vovsh and vtk_server_config. You must select which vovserver to act on by using the vovproject enable command first.

% vovproject enable some-ft-project
% vovsh -x 'puts [vtk_server_config enablepam 1]'

Note: When PAM is enabled, the vovpamauth program scans, at startup, the directory /etc/pam.d, searching in order for files named 'vovauth', 'ftauth', 'system-auth', and 'su'.

The first one found determines the PAM service name used by the vovpamauth.

# Example of a vovauth file.  Only the auth part is required.
auth       sufficient     pam_rootok.so 
auth       required       pam_opendirectory.so