Authentication#
Connections to VSC clusters and web services are always encrypted to secure your data. We currently support two types of authentication for connections to VSC clusters:
The difference between cryptographic key-based authentication and multi-factor authentication (MFA) lies on the risk that somebody else can impersonate you and use your credential to log in to VSC clusters and services. MFA requires that you validate the authentication with another device apart from the computer being used to connect to the cluster, making it much harder for an attacker to use your log in credentials.
It is important to note that the security of your data with both methods is the same once the connection has been established. The type of encryption of the resulting connection does not depend on the authentication method.
Cryptographic Key Pair#
Connections with key-based authentication are only possible to the Access: Terminal Interface of the following VSC clusters:
Connections to VSC web-base services, such as the VSC account page or the Access: Web Portal to VSC clusters, are always handled with MFA following the security policies of your home institution.
The following sections explain how to create and manage your cryptographic keys to connect to supported clusters.
Multi-factor Authentication#
Multi Factor Authentication (MFA) is an augmented level of security which, as the name suggests, requires multiple steps to successfully authenticate.
Connections with MFA are currently supported on all VSC web-based services, such as the VSC account page or the Access: Web Portal to VSC clusters, and also on the Access: Terminal Interface of the following VSC clusters:
The following sections explain how to set up MFA to connect to supported clusters.
Location Access Restrictions#
Beginning of March 2026 the firewall access to the HPC cluster will be resolved by the global KU Leuven firewall rules. This will have some impact in connections to the Tier-2 cluster:
There will be a difference between connecting from a managed KU Leuven laptop and unmanaged laptops.
- KU Leuven managed laptops
Use MFA (certificate) for connections both from Belgium and from abroad. No need to request additional firewall login.
- Non-managed laptops
- There are several possibilities to connect to the KU Leuven VSC clusters:
From all locations (connecting from VPN B zone, from other VSC universities, from other Belgian IP addresses and from abroad):open the firewall access (https://firewall.vscentrum.be) and request a certificate. The firewall page only needs to be active when making new connections to the cluster.
Exception for connections from within VSC network (_i.e._ other VSC clusters) - certificate is sufficient
All VSC clusters are behind a firewall, which is configured by default to block all traffic from abroad. If you want to access any VSC cluster from abroad, it is necessary that you first authorize your own connection on the VSC Firewall. Once your connection is authorized, you can proceed as usual.
Note
Keep the VSC Firewall page open for the duration of your session on the VSC cluster.
All VSC clusters are behind a firewall, which is configured by default to block all traffic from abroad. If you want to access any VSC cluster from abroad, it is necessary that you first authorize your own connection on the VSC Firewall. Once your connection is authorized, you can proceed as usual.
Note
Keep the VSC Firewall page open for the duration of your session on the VSC cluster.
All VSC clusters are behind a firewall, which is configured by default to block all traffic from abroad. If you want to access any VSC cluster from abroad, it is necessary that you first authorize your own connection on the VSC Firewall. Once your connection is authorized, you can proceed as usual.
Note
Keep the VSC Firewall page open for the duration of your session on the VSC cluster.