How to Setup a Remote Connection to Illumina Run Manager on the MiSeq i100 Series Instruments
Last updated
Last updated
© 2023 Illumina, Inc. All rights reserved. All trademarks are the property of Illumina, Inc. or their respective owners. Trademark information: illumina.com/company/legal.html. Privacy policy: illumina.com/company/legal/privacy.html
Mapping your custom hostname to an IP address may be needed to utilize Illumina Run Manager (IRM) remotely. This step is not needed if the local Domain Name Server (DNS) resolves the instrument IP address. Instructions for mapping hostnames to IP addresses vary by operating system.
The following information can be found in the MiSeq i100 Control Software Settings, under Network Settings:
The MiSeq i100 instrument IP address (e.g., 10.14.64.55).
The MiSeq i100 instrument name hostname (e.g., sh00033).
The MiSeq i100 instrument domain name (e.g., illumina.com).
This is an optional field and may not be specified depending on the instrument network settings
The MiSeq i100 instrument fully qualified domain name (FQDN) is:
If domain is specified → . (e.g., sh00033.illumina.com);
If domain is not specified → (e.g., sh00033);
Log into the computer with an account that has Administrator privileges.
Open a text editor such as Notepad or Notepad++ by right clicking the icon and selecting Run as administrator.
Add the instrument IP address and FQDN as a new entry at the end of the hosts file:
{your MiSeq i100 IP Address} {your MiSeq i100 FQDN}
Use a tab or spaces to separate the IP address and FQDN.
Save the file.
Log into the computer with an account that has Administrator privileges.
Open a terminal window and enter the following command, then press Enter
sudo nano /etc/hosts
Use the arrow keys to move the cursor to the bottom of the file.
Press ctrl+O to overwrite the existing file, then press Enter to confirm the overwriting. This will saves changes to the hosts file.
Press ctrl+X to exit the nano editor.
Mac Only - Update your browsers DNS records to make these changes go live in your browser by entering the following command, then press Enter:
sudo killall -HUP mDNSResponder
Open a browser and enter the following URL, replacing sh00033.illumina.com with the instrument FQDN: https://sh00033.illumina.com/v1/instruments/public/ca
The MiSeq i100 Series is designed to utilize TLS certificates to securely connect to the instrument from any device on the same network (refer to Product Documentation for more information). For users that do not have access to TLS certificates, a self-generated root certificate may be used to connect to the instrument through IRM. To generate the certificate, use a computer that is connected to the same network as the instrument. You only need to trust the certificate one time per instrument and all remote computers can use that same certificate.
Instructions for trusting the certificate vary by operating system.
Any time the software is reinstalled or First Time Setup (FTS) is performed, a new trusted root certificate must be created.
Open PowerShellby typing powershell in the Windows search bar, right-click the icon and select Run as administrator.
In the PowerShell terminal, enter the following command and press Enter:
cd ~\Documents
Enter the following command and press Enter to retrieve the certificate. Replace sh00033.illumina.com with the instrument FQDN:
$rootCert = (Invoke-WebRequest -UseBasicParsing -Uri "http://sh00033.illumina.com/v1/instruments/public/ca" | ConvertFrom-Json).edgeOSRootCertificate
Enter the following commands and press Enter after each one to save the certificate to a file and import it into the Trusted Root Certificates store:
$certBytes = [System.Convert]::FromBase64String($rootCert)
$certContent = [System.Text.Encoding]::UTF8.GetString($certBytes)
$certContent | Out-File -FilePath .\edgeosRoot.crt
Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root\ -FilePath .\edgeosRoot.crt
The self-signed root certificate is downloaded to the local computer, in the Documents folder, and added to the Trusted Root Certificates store.
Confirm that you can access the instrument in a browser using the following URL, replacing sh00033.illumina.com with the instrument FQDN: https://sh00033.illumina.com
The certificate is saved to the Documents folder (i.e. C:\Users{username}\Documents) and is named edgeRoot.crt.
The certificate must be added to the trusted certificate store on all Windows computers that require remote access to the instrument. Refer to the operating system instructions for information about adding certificates to the trusted root store.
Open Terminal, enter the following command, replacing sh00033.illumina.com with the instrument FQDN, to save the certificate as a file called sh00033.crt:
curl -k <https://sh00033.illumina.com/v1/instruments/public/ca> | jq -r ".edgeOSRootCertificate" | base64 --decode > sh00033.crt
Note: The .crt extension is required for the certificate to be properly added in the next steps.
Mac OS: Enter the command below to add the certificate to the trusted store, replacing sh00033.crt with the filename used in Step 1 above:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain sh00033.crt
Linux: Enter the commands below to add the root CA certificate to the trust store, replacing sh00033.crt with the filename used in Step 1 above:
sudo apt-get install -y ca-certificates
sudo cp sh00033.crt /usr/local/share/ca-certificates
sudo update-ca-certificates
Note: Some software (e.g., Chromium, Chrome, Firefox, etc.) may not use the system-wide certificates, but rather must have the certificate imported into their own certificate store (see example below).
The certificate must be added to the trusted certificate store on all Mac or Linux computers that require remote access to the instrument. Refer to the operating system instructions for information about adding certificates.
For any feedback or questions regarding this article (Illumina Knowledge Article #9334), contact Illumina Technical Support techsupport@illumina.com.
From the open text editor, browse to **C:\Windows\System32\drivers\etc**and open the hosts file.
Example:
Enter the sudo password for the user to allow edit access to the file. A screen similar to the following appears:
On a new line, add the instrument IP address and FQDN, separated by a tab or spaces. In the following example, the IP address is 10.16.28.65 and FQDN is sh00033.illumina.com:
Confirm that you can access the instrument. If successful, the following output appears in the browser:
Hit the Advanced button in the lower left and click Proceed to sh00033.illumina.com (unsafe). The browser will show the FQDN that was entered in the URL in place of sh00033.illumina.com. The resulting page should show {"edgeOSRootCertificate": ... as shown in the example image:
If successful, the following login screen appears in the browser:
Open the Settings window.
Select Privacy and security in the menu on the left side, scroll down and click the Security button.
Scroll down and click the Manage certificates button.
Select the Authorities tab and click the Import button.
Find the certificate saved in the previous steps, select it and click the Open button.
Check the Trust this certificate for identifying websites option and click the OK button to install the certificate.
