Illumina® Connected Analytics is a cloud-based software platform intended to be used to manage, analyze, and interpret large volumes of multi-omics data in a secure, scalable, and flexible environment. The versatility of the system allows the platform to be used for a broad range of applications. When using the applications provided on the platform for diagnostic purposes, it is the responsibility of the user to determine regulatory requirements and to validate for intended use, as appropriate.

The platform is hosted in regions listed below.

The platform hosts a suite of RESTful HTTP-based application programming interfaces (APIs) to perform operations on data and analysis resources. A web application user-interface is hosted alongside the API to deliver an interactive visualization of the resources and enables additional functionality beyond automated analysis and data transfer. Storage and compute costs are presented via usage information in the account console, and a variety of compute resource options are specifiable for applications to fine tune efficiency.

Getting Started

Getting Help

Use the search bar on the top right to navigate through the help docs and find specific topics of interest.

If you have any questions, contact Illumina Technical Support by phone or email:

Illumina Technical Support | techsupport@illumina.com | 1-800-809-4566

For customers outside the United States, Illumina regional Technical Support contact information can be found at www.illumina.com/company/contact-us.html.

To see the current ICA version you are logged in to, click your username found on the top right of the screen and then select About.

Other Illumina Products

To view a list of the products to which you have access, select the 9 dots symbol at the top right of ICA. This will list your products. If you have multiple regional applications for the same product, the region of each is shown between brackets.

The More Tools category presents the following options

• My Illumina Dashboard to monitor instruments, streamline purchases and keep track of upcoming activities.

• Link to the Support Center for additional information and help.

• Link to the order management from where you can keep track of your current and past orders.

Release Notes

Software Registration

Tenant Setup

The platform requires a provisioned tenant in the Illumina account management system with access to the Illumina Connected Analytics (ICA) application. Once a tenant has been provisioned, a tenant administrator will be assigned. The tenant administrator has permission to manage account access including add users, create workgroups, and add additional tenant administrators.

Each tenant is assigned a domain name used to login to the platform. The domain name is used in the login URL to navigate to the appropriate login page in a web browser. The login URL is https://<domain>.login.illumina.com, where <domain> is substituted with the domain name assigned to the tenant.

New user accounts can be created for a tenant by navigating to the domain login URL and following the links on the page to setup a new account with a valid email address. Once the account has been added to the domain, the tenant administrator may assign registered users to workgroups with permission to use the ICA application. Registered users may also be made workgroup administrators by tenant administrators or existing workgroup administrators.

API Keys

For security reasons, it is best practice to not use accounts with administrator level access to generate API keys and instead create a specific CLI user with basic permission. This will minimize the possible impact of compromised keys.

Generate an API Key

Click the button to generate a new API Key. Provide a name for the API Key. Then choose to either include all workgroups or select the workgroups to be included. Selected workgroups will be accessible with the API Key.

Click to generate the API Key. The API Key is then presented (hidden) with a button to show the key to be copied and a link to download to a file to be stored securely for future reference. Once the window is closed, the key contents will not be accessible through the domain login page, so be sure to store it securely for future reference if needed.

After generating an API key, save the key somewhere secure to be referenced when using the command-line interface or APIs.

Access via Web UI

• On the left, you have the navigation bar which will auto-collapse on smaller screens. When collapsed, use the ≡ symbol to expand it.

• The central part of the display is the item on which you are performing your actions.

• At the top right, you have icons to refresh the screen for information, status updates, and access to the online help.

Access via the CLI

Access via the API

Object Identifiers

The object data models for resources that are created in the platform include a unique id field for identifying the resource. These fixed machine-readable IDs are used for accessing and modifying the resource through the API or CLI, even if the resource name changes.

JSON Web Token (JWT)

Accessing the platform APIs requires authorizing calls using JSON Web Tokens (JWT). A JWT is a standardized trusted claim containing authentication context. This is a primary security mechanism to protect against unauthorized cross-account data access.

A JWT is generated by providing user credentials (API Key or username/password) to the token creation endpoint. Token creation can be performed using the API directly or the CLI.

Introduction

When looking at the main ICA navigation, you will see the following structure:

• Projects are your primary work locations which contain your data and tools to execute your analyses. Projects can be considered as a binder for your work and information. You can have data contained within a project, or you can choose to make it shareable between projects.

• Reference Data are reference genome sets which you use to help look for deviations and to compare your data against.

• Bundles are packages of assets such as sample data, pipelines, tools and templates which you can use as a curated data set. Bundles can be provided both by Illumina and other providers, and you can even create your own bundles. You will find the Illumina-provided pipelines in bundles.

• Audit/Event Logs are used for audit purposes and issue resolving.

• System Settings contain general information susch as the location of storage space, docker images and tool repositories.

Projects are the main dividers in ICA. They provide an access-controlled boundary for organizing and sharing resources created in the platform. The Projects view is used to manage projects within the current tenant.

Note that there is a combined limit of 30,000 projects and bundles per tenant.

Create new Project

To create a new project, click the Projects > + Create Project button.

Required fields include:

• Name

  • 1-255 characters

  • Must begin with a letter

  • Characters are limited to alphanumerics, hyphens, underscores, and spaces

• Analysis Priority (Low/Medium(default)/High) This is balanced per tenant with high priority analyses started first and the system progressing to the next lower priority once all higher priority analyses are running. Balance your priorities so that lower priority projects do not remain waiting for resources indefinitely.

• Project Owner Owner (and usually contact person) of the project. The project owner has the same rights as a project administrator, but can not be removed from a project without first assigning another project owner. This can be done by the current project owner, the tenant administrator or a project administrator of the current project. Reassignment is done at Projects > your_project > Project Settings > Team > Edit.

• Project Location Select your project location. Options available are based on Entitlement(s) associated with purchased subscription.

• Storage Bundle (auto-selected based on user selection of Project Location)

Click the Save button to finish creating the project. The project will be visible from the Projects view.

Create with Storage Configuration

During project creation, select the I want to manage my own storage checkbox to use a Storage Configuration as the data provider for the project.

With a storage configuration set, a project will have a 2-way sync with the external cloud storage provider: any data added directly to the external storage will be sync'ed into the ICA project data, and any data added to the project will be sync'ed into the external cloud storage.

Managing Projects

Several tools are available to assist you with keeping an overview of your projects. These filters work in both list and tile view and persist across sessions.

1. Searching is a case-insensitive wildcard filter. Any project which contains the characters will be shown. Use * as wildcard in searches. Be aware that operators without search words are blocked and will result in Unexpected error occurred when searching for projects. You can use the brackets, AND, OR and NOT operators, provided that you do not start the search with them (Monkey AND Banana is allowed, AND Aardvark by itself is invalid syntax)

2. Filter by Workgroup : Projects in ICA can be accessible for different workgroups. This drop-down list allows you to filter projects for specific workgroups. To reset the filter so it displays projects from all your workgroups, use the x on the right which appears when a workgroup is selected.

3. Hidden projects : You can hide projects (Projects > your_project > Details > Hide) which you no longer use. Hiding will delete data in base and bench and will thus be irreversible.

   • You can still see hidden projects if you select this option and delete the data they contain at Projects > your_project > Data to save on storage costs.

   • If you are using your own S3 bucket, your S3 storage will be unlinked from the project, but the data will remain in your S3 storage. Your S3 storage can then be used for other projects.
4. Favorites : By clicking on the star next to the project name in the tile view, you set a project as favourite. You can have multiple favourites and use the Favourites checkbox to only show those favourites. This prevents having too many projects visible.

5. Tile view shows a grid of projects. This view is best suited if you only have a few projects or have filtered them out by creating favourites. A single click will open the project.

6. List view shows a list of projects. This view allows you to add additional filters on name, description, location, user role, tenant, size and analyses. A double-click is required to open the project.

Externally-managed projects

Illumina software applications which do their own data management on ICA (such as BSSH) store their resources and data in a project much in the same was as manually created projects work in ICA. For ICA, these projects are considered to be externally-managed projects and from ICA, there are a number of restrictions on which actions are allowed on externally-managed projects. For example, you can not delete or move externally-managed data. This is to prevent inconsistencies when these applications want to access their own project data.

When you create a folder with a name which already exists as externally-managed folder, your project will have that folder twice. Once ICA-managed and once externally-managed as S3 does not require unique folder names.

Projects are indicated as externally-managed in the projects overview screen by a project card with a light grey accent and a lock symbol followed by "managed by app".

Tutorial

You can use samples to group information related to a sample, including input files, output files, and analyses.

You can search for samples (excluding their metadata) with the Search button at the top right.

Add New Sample

To add a new sample, do as follows.

1. Select Projects > your_project > Samples.

2. To add a new sample, select + Create, and then enter a unique name and description for the sample.

3. To include files related to the sample, select + Add data to sample.

Your sample is added to the Samples page. To view information on the sample, select the sample, and then select Open Details.

Add Files to Samples

You can add additional files to a sample after creating the sample. Any files that are not currently included in a sample are listed on the Unlinked Files tab.

To add an unlinked file to a sample, do as follows.

1. Go to Projects > your_project > Samples > Unlinked files tab.

2. Select a file or files, and then select one of the following options:

   • Create sample — Create a new sample that includes the selected files.

   • Link to sample — Select an existing sample in the project to link the file to.

Alternatively, you can add unlinked files from the sample details.

1. Going to Projects > your_project > Samples > your_sample.

2. Select your sample to open the details.

3. The last section of the details is files, where you select + Add data to sample.

4. If the data is not in your project, select Choose a file, which will upload the data to your project. This does not automatically add it to your sample, you will still have to select that newly uploaded data and then select add data to sample.

Data can only be linked to a single sample, so once you have linked data to a sample, it will no longer appear in the list of data to choose form.

Removing Files from Samples

To remove files from samples,

1. Go to Projects > your_project > Samples > your_sample > Details.

2. Go to the files section and open the file details of the file you want to remove.

3. Select Remove data from sample.

4. Save your changes.

Link Samples to Project

A Sample can be linked to a project from a separate project to make it available in read-only capacity.

1. Navigate to the Samples view in the Project

2. Click the Link button

3. Select the Sample(s) to link to the project

4. Click the Link button

Data linked to Samples is not automatically linked to the project. The data must be linked separately from the Data view. Samples also must be available in a complete state in order to be linked.

Delete Samples

If you want to remove a sample, select it and use the delete option from the top navigation row. You will be presented a choice of how to handle the data in the sample.

• Unlink all data without deleting it.

• Delete input data and unlink other data.

• Delete all data.

The event log shows an overview of system events with options to search and filter. For every entry, it lists the following:

• Event date and time

• Category (error, warn or info)

• Code

• Description

• Tenant

Up to 200,000 results will be be returned. If your desired records are outside the range of the returned records, please refine the filters or use the search function at the top right.

Export is restricted to the amount of entries shown per page. You can use the selector at the bottom to set this to up to 1000 entries per page.

Bundles are curated data sets which combine assets such as pipelines, tools, and Base query templates. This is where you will find packaged assets such as Illumina-provided pipelines and sample data. You can create, share and use bundles in projects of your own tenant as well as projects in other tenants.

The following ICA assets can be included in bundles:

Linking an Existing Bundle to a Project

1. From the main navigation page, select Projects > your_project > Project Settings > Details.

2. Click the Edit button at the top of the Details page.

3. Click the + button, under Linked bundles.

4. Click on the desired bundle, then click the +Link Bundles button.

5. Click Save.

The assets included in the bundle will now be available in the respective pages within the Project (e.g. Data and Pipelines pages). Any updates to the assets will be automatically available in the destination project.

To unlink a bundle from a project,

1. Select Projects > your_project > Project Settings > Details.

2. Click the Edit button at the top of the Details page.

3. Click the (-) button, next to the linked bundle you wish to remove.

Create a New Bundle

To create a new bundle and configure its settings, do as follows.

1. From the main navigation, select Projects > your_project > Bundles.

2. Select + Create .

3. Enter a unique name for the bundle.

4. From the Region drop-down list, select where the assets for this bundle should be stored.

5. [Optional] Configure the following settings.

   • Categories—Select an existing category or enter a new one.

   • Status—Set the status of the bundle. When the status of a bundle changes, it cannot be reverted to a draft or released state.

     • Draft—The bundle can be edited.

     • Released—The bundle is released. Technically, you can still edit bundle information and add assets to the bundle, but should refrain from doing so.

     • Deprecated—The bundle is no longer intended for use. By default, deprecated bundles are hidden on the main Bundles screen (unless non-deprecated versions of the bundle exist). Select "Show deprecated bundles" to show all deprecated bundles. Bundles can not be recovered from deprecated status.

   • Short Description—Enter a description for the bundle.

   • Metadata Model—Select a metadata model to apply to the bundle.

6. Enter a release version for the bundle and optionally enter a description for the version.

7. [Optional] Links can be added with a display name (max 100 chars) and URL (max 2048 chars).

   • Homepage

   • License

   • Links

   • Publications

8. [Optional] Enter any information you would like to distribute with the bundle in the Documentation section.

9. Select Save.

Edit an Existing Bundle

To make changes to a bundle:

1. From the main navigation, select Bundles.

2. Select a bundle.

3. Select Edit.

4. Modify the bundle information and documentation as needed.

5. Select Save.

Adding Assets to a Bundle

To make changes to a bundle:

1. Select a bundle.

2. On the left-hand side, select the type of asset under Flow (such as pipeline or tool) you want to add to the bundle.

3. Depending on the asset type, select add or link to bundle.

4. Select the assets and confirm.

Assets must meet the following requirements before they can be added to a bundle:

• For Samples and Data, the project the asset belongs to must have data sharing enabled.

• The region of the project containing the asset must match the region of the bundle.

• You must have permission to access the project containing the asset.

• Pipelines and tools need to be in released status.

• Samples must be available in a complete state.

When you link folders to a bundle, a warning is displayed indicating that, depending on the size of the folder, linking may take considerable time. The linking process will run in the background and the progress can be monitored on the Bundles > your_bundle > activity > Batch Jobs screen. To see more details and the progress, double-click the batch job and then double-click the individual item. This will show how many individual files are already linked.

Which batch jobs are visible as activity depends on the user role.

Create a New Bundle Version

When creating a new bundle version, you can only add assets to the bundle. You cannot remove existing assets from a bundle when creating a new version. If you need to remove assets from a bundle, it is recommended that you create a new bundle. All users wich currently have access to a bundle will automatically have access to the new version as well.

1. From the main navigation, select Bundles.

2. Select a bundle.

3. Select + Create new Version.

4. Make updates as needed and update the version number.

5. Select Save.

When you create a new version of a bundle, it will replace the old version in your list. To see the old version, open your new bundle and look at Bundles > your_bundle > Details > Versioning. There you can open the previous version which is contained in your new version.

Assets such as data which were added in a previous version of your bundle will be marked in green, while new content will be black.

Add Terms of Use to a Bundle

1. From the main navigation, Select Bundles > your_bundle > Bundle Settings > Legal.

2. To add Terms of Use to a Bundle, do as follows:

   • Select + Create New Version.

   • Use the WYSIWYG editor to define Terms of Use for the selected bundle.

   • Click Save.

   • [Optional] Require acceptance by clicking the checkbox next to Acceptance required. Acceptance required will prompt a user to accept the Terms of Use before being able to use a bundle or add the bundle to a project.

3. To edit the Terms of Use, repeat Steps 1-3 and use a unique version name. If you select acceptance required, you can choose to keep the acceptance status as is or require users to reaccept the terms of use. When reacceptance is required, users need to reaccept the terms in order continue using this bundle in their pipelines. This is indicated when they want to enter projects which use this bundle.

Collaborating on a Bundle

If you want to collaborate with other people on creating a bundle and managing the assets in the bundle, you can add users to your bundle and set their permissions. You use this to create a bundle together, not to use the bundle in your projects.

1. From the main navigation, select Bundles > your_bundle > Bundle Settings > Team.

2. To invite a user to collaborate on the bundle, do as follows.

   • To add a user from your tenant, select Someone of your tenant and select a user from the drop-down list.

   • To add a user by their email address, select By email and enter their email address.

   • To add all the users of an entire workgroup, select Add workgroup and select a workgroup from the drop-down list.

   • Select the Bundle Role drop-down list and choose a role for the user or workgroup. This role defines the ability of the user or workgroup to view or edit bundle settings.

     • Viewer: view content without editing rights.

     • Contributor: view bundle content and link/unlink assets.

     • Administrator: full edit rights of content and configuration.

   • Repeat as needed to add more users.

   Users are not officially added to the bundle until they accept the invitation.

3. To change the permissions role for a user, select the Bundle Role drop-down list for the user and select a new role.

4. To revoke bundle permissions from a user, select the trash icon for the user.

5. Select Save Changes.

Sharing a Bundle

Once you have finalized your bundle and added all assets and legal requirements, you can share your bundle with other tenants to use it in their projects.

Your bundle must be in released status to prevent it from being updated while it is shared.

1. Go to Bundles > your_bundle > Edit > Details > Bundle status and set it to Released.

2. Save the change.

Once the bundle is released, you can share it. Invitations are sent to an individual email address, however access is granted and extended to all users and all workgroups inside that tenant.

1. Go to Bundles > your_bundle > Bundle Settings > Share.

2. Click Invite and enter the email address of the person you want to share the bundle with. They will receive an email from which they can accept or reject the invitation to use the bundle. The invitation will show the bundle name, description and owner. The link in the invite can only be used once.

You can follow up on the status of the invitation on the Bundles > your_bundle > Bundle Settings > Share page.

• If they reject the bundle, the rejection date will be shown. To re-invite that person again later on, select their email address in the list and choose Remove. You can then create a new invitation. If you do not remove the old entry before sending a new invitation, they will be unable to accept and get an error message stating that the user and bundle combination must be unique. They can also not re-use an invitation once it has been accepted or declined.

• If they accept the bundle, the acceptance date will be shown. They will in turn see the bundle under Bundles > Entitled bundles. To remove access, select their email address in the list and choose Remove.

Entitled Bundles

Entitled bundles are bundles created by Illumina or third parties for you to use in your projects. Entitled bundles can already be part of your tenant when it is part of your subscription. You can see your entitled bundles at Bundles > Entitled Bundles.

To use your shared entitled bundle, add the bundle to your project via Project Linking. Content shared via entitled bundles is read-only, so you cannot add or modify the contents of an entitled bundle. If you lose access to an entitled bundle previously shared with you, the bundle is unlinked and you will no longer be able to access its contents.

In order to create a Tool or Bench image, a Docker image is required to run the application in a containerized environment. Illumina Connected Analytics supports both public Docker images and private Docker images uploaded to ICA.

Importing a Public External Image (Tools)

1. Navigate to System Settings > Docker Repository.

2. Click Create > External image to add a new external image.

3. Add your full image URL in the Url field, e.g. docker.io/alpine:latest or registry.hub.docker.com/library/alpine:latest. Docker Name and Version will auto-populate. (Tip: do not add http:// or https:// in your URL)

Note: Do not use :latest when the repository has rate limiting enabled as this interferes with caching and incurs additional data transfer.

1. (Optional) Complete the Description field.

2. Click Save.

3. The newly added image will appear in your Docker Repository list.

Verification of the URL is performed during execution of a pipeline which depends on the Docker image, not during configuration.

External images are accessed from the external source whenever required and not stored in ICA. Therefore, it is important not to move or delete the external source. There is no status displayed on external Docker repositories in the overview as ICA cannot guarantee their availability. The use of :stable instead of :latest is recommended.

Importing a Private Image (Tools + Bench Images)

In order to use private images in your tool, you must first upload them as a TAR file.

1. Navigate to Projects > your_project .

3. Select your uploaded TAR file and click in the top menu on Manage > Change Format .

5. Navigate to System Settings > Docker Repository (outside of your project).

6. Click on Create > Image.

7. Click on the magnifying glass to find your uploaded TAR image file.

8. Select the appropriate region and if needed, filter on project from the drop-down menus to find your file.

9. Select that file.

11. The newly added image should appear in your Docker Repository list. Verify it is marked as Available under the Status column to ensure it is ready to be used in your tool or pipeline.

Copying Docker Images to other Regions

1. Navigate to System Settings > Docker Repository.

2. Either

   • Select the required image(s) and go to Manage > Add Region.

   • OR double-click on a required image, check the box matching the region you want to add, and select update.

3. In both cases, allow a few minutes for the image to become available in the new region (the status becomes available in table view).

To remove regions, go to Manage > Remove Region or unselect the regions from the Docker image detail view.

Downloading Docker Images

You can download your created Docker images at System Settings > Docker Images > your_Docker_image > Manage > Download.

In order to be able to download Docker images, the following requirements must be met:

• The Docker image can not be from an entitled bundle.

• Only self-created Docker images can be downloaded.

• The Docker image must be an internal image and in status Available.

• You can only select a single Docker image at a time for download.

File Size Considerations

Docker image size should be kept as small as practically possible. To this end, it is best practice to compress the image. After compressing and uploading the image, select your uploaded file and click Manage > Change Format in the top menu to change it to Docker format so ICA can recognize the file.

You can use your own S3 bucket with Illumina Connected Analytics (ICA) for data storage. This section describes how to configure your AWS account to allow ICA to connect to an S3 bucket.

The AWS S3 bucket must exist in the same AWS region as the ICA project. Refer to the table below for a mapping of ICA project regions to AWS regions:

(*) BSSH is not currently deployed on the South Korea instance, resulting in limited functionality in this region with regard to sequencer integration.

For Bring Your Own Storage buckets, all unversioned, versioned and suspended buckets are supported. If you connect buckets with object versioning, the data in ICA will be automatically synced with the data in objectstore.

Configure Bucket CORS Permission

• In the cross-origin resource sharing (CORS) section, enter the following content.

  Copy

  [
      {
          "AllowedHeaders": [
              "*"
          ],
          "AllowedMethods": [
              "HEAD",
              "GET",
              "PUT",
              "POST",
              "DELETE"
          ],
          "AllowedOrigins": [
              "https://ica.illumina.com"
          ],
          "ExposeHeaders": [
              "ETag",
              "x-amz-meta-custom-header"
          ]
      }
  ]

Create AWS IAM Policy

ICA requires specific permissions to access data in an AWS S3 bucket. These permissions are contained in an AWS IAM Policy.

• On Unversioned buckets, paste the JSON policy document below. Note the example below provides access to all objects prefixes in the bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutBucketNotification",
                "s3:ListBucket",
                "s3:GetBucketNotification",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET_NAME"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:RestoreObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/YOUR_FOLDER_NAME/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "sts:GetFederationToken"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

• On Versioned OR Suspended buckets, paste the JSON policy document below. Note the example below provides access to all objects prefixes in the bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutBucketNotification",
                "s3:ListBucket",
                "s3:GetBucketNotification",
                "s3:GetBucketLocation",
                "s3:ListBucketVersions",
                "s3:GetBucketVersioning"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET_NAME"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:RestoreObject",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:GetObjectVersion"
            ],
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/YOUR_FOLDER_NAME/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "sts:GetFederationToken"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

• (Optional) Set policy name to "illumina-ica-admin-policy"

To create the IAM Policy via the AWS CLI, create a local file named illumina-ica-admin-policy.json containing the policy content above and run the following command. Be sure the path to the policy document (--policy-document) leads to the path where you saved the file:

aws iam create-policy --policy-name illumina-ica-admin-policy --policy-document file://illumina-ica-admin-policy.json

Create AWS IAM User

An AWS IAM User is needed to create an Access Key for ICA to connect to the AWS S3 Bucket. The policy will be attached to the IAM user to grant the user the necessary permissions.

• (optional) Set user name to "illumina_ica_admin"

• Select the Programmatic access option for the type of access

• (Optional) Retrieve the Access Key ID and Secret Access Key by choosing to Download .csv

To create the IAM user and attach the policy via the AWS CLI, enter the following command (AWS IAM users are global resources and do not require a region to be specified). This command creates an IAM user illumina_ica_admin, retrieves your AWS account number, and then attaches the policy to the user.

aws iam create-user --user-name illumina_ica_admin
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
aws iam attach-user-policy --policy-arn arn:aws:iam::${ACCOUNT_ID}:policy/illumina-ica-admin-policy --user-name illumina_ica_admin

Create AWS Access Key

If the Access Key information was retrieved during the IAM user creation, skip this step.

Use the command below to create the Access Key for the illumina_ica_admin IAM user. Note the SecretAccessKey is sensitive and should be stored securely. The access key is only displayed when this command is executed and cannot be recovered. A new access key must be created if it is lost.

aws iam create-access-key --user-name illumina_ica_admin

    "AccessKey": {
        "UserName": "illumina_ica_admin",
        "AccessKeyId": "<access key id>",
        "Status": "Active",
        "SecretAccessKey": "<secret access key>",
        "CreateDate": "2020-10-22 09:42:24+00:00"
    }

The AccessKeyId and SecretAccessKey values will be provided to ICA in the next step.

S3 Bucket Policy

Connecting your S3 bucket to ICA does not require any additional bucket policies.

However, if a bucket policy is required for use cases beyond ICA, you need to ensure that the bucket policy supports the essential permissions needed by ICA without inadvertently restricting its functionality.

Here is one such example:

{
     "Version": "2012-10-17",
     "Statement": [
         {
             "Effect": "Deny",
             "Principal": {
                 "AWS": "*"
             },
             "Action": [
                 "s3:PutObject",
                 "s3:GetObject",
                 "s3:RestoreObject",
                 "s3:DeleteObject",
                 "s3:DeleteObjectVersion",
                 "s3:GetObjectVersion"
             ],
             "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*",
             "Condition": {
                 "ArnNotLike": {
                     "aws:PrincipalArn": [
                         "arn:aws:iam::YOUR_ACCOUNT_ID:user/YOUR_IAM_USER",
                         "arn:aws:sts::YOUR_ACCOUNT_ID:federated-user/*"
                     ]
                 }
             }
         }
     ]
 }

In this example, we have a restriction enabled on the bucket policy to disallow any kind of access to the bucket. However, there is an exception rule added for the IAM user that ICA is using to connect to the S3 bucket. The exception rule is allowing ICA to perform the above S3 action permissions necessary for ICA functionalities.

Additionally, the exception rule is applied to the STS federated user session principal associated with ICA. Since ICA leverages the AWS STS to provide temporary credentials that allow users to perform actions on the S3 bucket, it is crucial to include these STS federated user session principals in your policy's whitelist. Failing to do so could result in 403 Forbidden errors when users attempt to interact with the bucket's objects using the provided temporary credentials.

Create ICA Storage Credential

To connect your S3 account to ICA, you need to add a storage credential in ICA containing the Access Key ID and Access Key created in the previous step. From the ICA home screen, navigate to System Settings > Credentials and click the Create button to create a new storage credential.

Provide a name for the storage credentials, ensure the type is set to "AWS user" and provide the Access Key ID and Secret Access Key.

Enabling Cross Account Access for Copy and Move Operations

ICA uses AssumeRole to copy and move objects from a bucket in an AWS account to another bucket in another AWS account. To allow cross account access to a bucket, the following policy statements must be added in the bucket policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Allow cross account access",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "ASSUME_ROLE_ARN"
                },
                "Action": [
                    "s3:PutObject",
                    "s3:DeleteObject",
                    "s3:ListMultipartUploadParts",
                    "s3:AbortMultipartUpload",
                    "s3:GetObject"
                ],
                "Resource": [
                    "arn:aws:s3:::YOUR_BUCKET_NAME",
                    "arn:aws:s3:::YOUR_BUCKET_NAME/*"
                ]
            }
        ]
    }

The ARN of the cross account role you want to give permission to is specified in the Principal. Refer to the table below to determine which region-specific Role ARN should be used.

Storage Configuration Troubleshooting Guide

The following are common issues encountered when connecting an AWS S3 bucket through a storage configuration

Conflicting bucket notifications

Volume Configuration cannot be provisioned: storage container is already set up for customer's own notification

Invalid parameters for volume configuration: found conflicting storage container notifications with overlapping prefixes

Failed to update bucket policy: Configurations overlap. Configurations on the same bucket cannot share a common event type

To fix the issue:

1. In the Amazon S3 Console, review your current S3 bucket's notification configuration and look for prefixes that overlaps with your Storage Configuration's key prefix

2. Delete the existing notification that overlaps with your Storage Configuration's key prefix

3. ICA will perform a series of steps in the background to re-verify the connection to your bucket.

GetTemporaryUploadCredentialsAsync failure

This error can occur when recreating a recently deleted storage configuration. To fix the issue, you have to delete the bucket notifications:

2. Choose properties

3. Navigate to the Event Notifications section and choose the check box for the event notifications with name gds:objectcreated, gds:objectremoved and gds:objectrestore and click Delete.

4. Wait 15 minutes for the storage to become available in ICA

If you do not want to wait 15 minutes, you can delete the current storage configuration, delete the bucket notifications in the bucket and create a new storage configuration.

A storage configuration provides ICA with information to connect to an external cloud storage provider, such as AWS S3. The storage configuration validates that the information provided is correct, and then continuously monitors the integration.

Refer to the following pages for instructions to setup supported external cloud storage providers:

Credentials

The storage configuration requires credentials to connect to your storage. AWS uses the security credentials to authenticate and authorize your requests. On the System Settings > Credentials > Create, you can enter these credentials. Long-term access keys consist of a combination of the access key ID and secret access key as a set.

Fill out the following fields:

• Type—The type of access credentials. This will usually be AWS user.

• Name—Provide a name to easily identify your access key.

• Access key ID—The access key you created.

• Secret access key—Your related secret access key.

Create a Storage Configuration

1. In the ICA main navigation, select System Settings > Storage > Create.

2. Configure the following settings for the storage configuration.

   • Type—Use the default value, eg, AWS_S3. Do not change.

   • Region—Select the region where the bucket is located.

   • Configuration name—You will use this name when creating volumes that reside in the bucket. The name length must be in between 3 and 63 characters.

   • Description—Here you can provide a description for yourself or other users to identify this storage configuration.

   • Bucket name—Enter the name of your S3 bucket.

   • Key prefix [Optional]—You can provide a key prefix to allow only files inside the prefix to be accessible. The key prefix must end with "/".

   • If a key prefix is specified, your projects will only have access to that folder and subfolders. For example, using the key prefix folder-1/ ensures that only the data from the folder-1 directory in your S3 bucket is synced with your ICA project. Using prefixes and distinct folders for each ICA project is the recommended configuration as it allows you to use the same S3 bucket for different projects.

   • Using no key prefix results in syncing all data in your S3 bucket (starting from root level) with your ICA project. Your project will have access to your entire S3 bucket, which prevents that S3 bucket from being used for other ICA projects. Although possible, this configuration is not recommended.

   • Secret—Select the credentials to associate with this storage configuration. These were created on the Credentials tab.

   • Server Side Encryption [Optional]—If needed, you can enter the algorithm and key name for server-side encryption processes.

3. Select Save.

With the action Set as default for region, you select which storage will be used as default storage in a region for new projects of your tenant. Only one storage can be default at a time for a region, so selecting a new storage as default will unselect the previous default. If you do not want to have a default, you can select the default storage and the action will become Unset as default for region.

The System Settings > Credentials > Share action is used to make the storage available to everyone in your tenant. By default, storage is private per user so that you have complete control over the contents. Once you decide you want to share the storage, simply select it and use the Share action. Do take into account that once shared, you can not unshare the storage. Once your storage is used in a project, it can also no longer be deleted.

Storage Configuration Verification

Every 4 hours, ICA will verify the storage configuration and credentials to ensure availability. When an error is detected, ICA will attempt to reconnect once every 15 minutes. After 200 consecutively failed connection attempts (50 hours), ICA will stop trying to connect.

When you update your credentials, the storage configuration is automatically validated. In addition, you can manually trigger revalidation when ICA has stopped trying to connect by selecting the storage and then clicking Validate on the System Settings > Storage > Manage.

Supported Storage Classes

The Data section gives you access to the files and folders stored in the project as well as those linked to the project. Here, you can perform searches and data management operations such as moving, copying, deleting and (un)archiving.

Recommended Practices

File/Folder Naming

Data Formats

Data Privacy

Data Integrity

Data Management

Viewing Data

On the Projects > your_project > Data page, you can view file information and preview files.

To view file details click on the filename to see the file details.

• Run input tags identify the last 100 pipelines which used this file as input.

• Connector tags indicate if the file was added via browser upload or connector.

To view file contents, select the checkbox at the begining of the line and then select View from the top menu. Alternatively, you can first click on the filename to see the details and then click view to preview the file.

To see the ongoing actions (copying from, copying to, moving from, moving to) on data in the data overview (Projects > your_project > Data), add the ongoing actions column from the column list. This contains a list of ongoing actions sorted by when they were created. You can also consult the data detail view for ongoing actions by clicking on the data in the overview. When clicking on an ongoing action itself, the data job details of the most recent created data job are shown.

For folders, the list of ongoing actions is displayed on top left of the folder details. When clicking the list, the data job details are shown of the most recent created data job of all actions.

Secondary Data

When Secondary Data is added to a data record, those secondary data records are mounted in the same parent folder path as the primary data file when the primary data file is provided as an input to a pipeline. Secondary data is intended to work with the CWL secondaryFiles feature. This is commonly used with genomic data such as BAM files with companion BAM index files (refer to https://www.ncbi.nlm.nih.gov/tools/gbench/tutorial6/ for an example).

Hyperlinking to Data

To hyperlink to data, use the following syntax:

Uploading Data

Uploading data to the platform makes it available for consumption by analysis workflows and tools.

UI Upload

To upload data manually via the drag-and-drop interface in the platform UI, go to Projects > your_project > Data and either

• Drag a file from your system into the Choose a file or drag it here box.

• Select the Choose a file or drag it here box, and then choose a file. Select Open to upload the file.

Your files are added to the Data page with status partial during upload and become available when upload completes.

Upload Data via CLI

Copying Data

You can copy data from the same project to a different folder or from another project to which you have access.

In order to copy data, the following rights must be assigned to the person copying the data:

The following restrictions apply when copying data:

To use data copy:

1. Go to the destination project for your data copy and proceed to Projects > your_project > Data > Manage > Copy From.

2. Optionally, use the filters (Type, Name, Status, Format or additional filters) to filter out the data or search with the search box.

3. Select the data (individual files or folders with data) you want to copy.

4. Select any meta data which you want to keep with the copied data (user tags, technical system tags or instrument information).

5. Select which action to take if the data already exists (overwrite exsiting data, don't copy or keep both the original and the new copy by appending a number to the copied data).

6. Select Copy Data to copy the data to your project. You can see the progress in Projects > your_project > Activity > Batch Jobs and if your browser permits it, a pop-up message will be displayed whan the copy process completes.

The outcome can be

• INITIALIZED

• WAITING_FOR_RESOURCES

• RUNNING

• STOPPED - When choosing to stop the batch job.

• SUCCEEDED - All files and folders are copied.

• PARTIALLY_SUCCEEDED - Some files and folders could be copied, but not all. Partially succeeded will typically occur when files were being modified or unavailable while the copy process was running.

• FAILED - None of the files and folders could be copied.

To see the ongoing actions on data in the data overview (Projects > your_project > Data), you can add the ongoing actions column from the column list with the three column symbol at the top right, next to the filter funnel. You can also consult the data detail view for ongoing actions by clicking on the data in the overview.

There is a difference in copy type behavior between copying files and folders. The behavior is designed for files and it is best practice to not copy folders if there already is a folder with the same name in the destination location.

Move Data

You can move data both within a project and between different projects to which you have access. If you allow notifications from your browser, a pop-up will appear when the move is completed.

• Move From is used when you are in the destination location.

• Move To is used when you are in the source location. Before moving the data, pre-checks are performed to verify that the data can be moved and no currently running operations are being performed on the folder. Conflicting jobs and missing permissions will be reported. Once the move has started, no other operation should be performed on the data being moved to avoid potential data loss or duplication. Adding or (un)archiving files during the move may result in duplicate folders and files with different identifiers. If this happens, you will need to manually delete the duplicate files and move the files which were skipped during the initial move.

There are a number of rights and restrictions related to data move as this will delete the data in the source location.

Move Data From

Move Data From is used when you are in the destination location.

1. Navigate to Projects > your_project > Data > your_destination_location > Manage > Move From.

2. Select the files and folders which you want to move.

3. Select the Move button. Moving large amounts of data can take considerable time. You can monitor the progress at Projects > your_project > Activity > Batch Jobs.

Move Data To

Move Data To is used when you are in the source location. You will need to select the data you want to move from to current location and the destination to move it to.

1. Navigate to Projects > your_project > Data > your_source_location.

2. Select the files and folders which you want to move.

3. Select to Projects > your_project > Data > your_source_location > Manage > Move To.

4. Select your target project and location.
5. Select the Move button. Moving large amounts of data can take considerable time. You can monitor the progress at Projects > your_project > Activity > Batch Jobs.

Move Status

• INITIALIZED

• WAITING_FOR_RESOURCES

• RUNNING

• STOPPED - When choosing to stop the batch job.

• SUCCEEDED - All files and folders are moved.

• PARTIALLY_SUCCEEDED - Some files and folders could be moved, but not all. Partially succeeded will typically occur when files were being modified or unavailable while the move process was running.

• FAILED - None of the files and folders could be moved.

To see the ongoing actions on data in the data overview (Projects > your_project > Data), you can add the ongoing actions column from the column list with the three column symbol at the top right, next to the filter funnel. You can also consult the data detail view for ongoing actions by clicking on the data in the overview.

Download Data

Single files can be downloaded directly from within the UI.

• Select the checkbox next to the file which you want to download, followed by Download > Download file.

• Files for which ICA can display the contents can be viewed by clicking on the filename, followed by the View tab. Select the download action on the view tab to download the file. Note that larger files may take some time to load.

Schedule for Download

You can trigger an asynchronous download via service connector using the Schedule for Download button with one or more files selected.

1. Select a file or files to download.

2. Select Download > Download files or folders using a service connector. This will display a list of all available connectors.

3. Select a connector, and then select Schedule for Download. If you do not find the connector you need or you do not have a connector, you can click the Don't have a connector yet? option to create a new connector. You must then install this new connector and return to the file selection in step 1 to use it.

You can view the progress of the download or stop the download on the Activity page for the project.

Export Project Data Information

The data records contained in a project can be exported in CSV, JSON, and excel format.

1. Select one or more files to export.

2. Select Export.

3. Select the following export options:

   • To export only the selected file, select the Selected rows as the Rows to export option. To export all files on the page, select Current page.

   • To export only the columns present for the file, select the Visible columns as the Columns to export option.

4. Select the export format.

Archiving and Deleting files

To manually archive or delete files, do as follows:

1. Select the checkbox next to the file or files to delete or archive.

2. Select Manage, and then select one of the following options:

   • Archive — Move the file or files to long-term storage (event code ICA_DATA_110).

   • Unarchive — Return the file or files from long-term storage. Unarchiving can take up to 48 hours, regardless of file size. Unarchived files can be used in analysis (event code ICA_DATA_114).

   • Delete — Remove the file completely (event code ICA_DATA_106).

When attempting concurrent archiving or unarchiving of the same file, a message will inform you to wait for the currently running (un)archiving to finish first.

To archive or delete files programmatically, you can use ICA's API endpoints:

2. Modify the dates of the file to be deleted/archived.

Link Project Data

Linking a folder creates a dynamic read-only view of the source data. You can use this to get access to data without running the risk of modifying the source material and to share data between projects. In addition, linking ensures changes to the source data are immediately visible and no additional storage is required.

You can recognise linked data by the green color and see the owning project as part of the details.

Since this is read-only access, you cannot perform actions on linked data that need to write access. Actions like (un)archiving, linking, creating, deleting, adding or moving data and folders, and copying data into the linked data are not possible.

You can perform analysis on data from other projects by linking data from that project.

1. Select Projects > your_project > Data > Manage, and then select Link.

2. To view data by project, select the funnel symbol, and then select Owning Project. If you only know which project the data is linked to, you can choose to filter on linked projects.

3. Select the checkbox next to the file or files to add.

4. Select Select Data.

Your files are added to the Data page. To view the linked data file, select Add filter, and then select Links.

Linking Folders

If you link a folder instead of individual files, a warning is displayed indicating that, depending on the size of the folder, linking may take considerable time. The linking process will run in the background and the progress can be monitored on the Projects > your_project > activity > Batch Jobs screen.

To see more details, double-click the batch job.

To see how many individual files are already linked, double-click the item.

Unlinking Project Data

To unlink the data, go to the root level of your project and select the linked folder or if you have linked individual files separately, then you can select those linked files (limited to 100 at a time) and select Manage > Unlink. As during linking a folder, when unlinking, the progress can be monitored at Projects > your_project > activity > Batch Jobs.

Non-indexed Folders

The GUI considers non-indexed folders as a single object. You can access the contents from a non-indexed folder

• as Analysis input/output

• in Bench

• via the API

A Tool is the definition of a containerized application with defined inputs, outputs, and execution environment details including compute resources required, environment variables, command line arguments, and more.

Create a Tool

Tools define the inputs, parameters, and outputs for the analysis. Tools are available for use in graphical CWL pipelines by any project in the account.

1. Select System Settings > Tool Repository > + Create.

2. Configure tool settings in the tool properties tabs. See Tool Properties.

3. Select Save.

Tool Properties

The following sections describe the tool properties that can be configured in each tab.

Information Tab

Tool Status

The release status of the tool. can be one of "Draft", "Release Candidate", "Released" or "Deprecated".

Documentation Tab

The Documentation tab provides options for configuring the HTML description for the tool. The description appears in the Tool Repository but is excluded from exported CWL definitions.

General Tool Tab

The General Tool tab provides options to configure the basic command line.

The Hints/Requirements include CWL features to indicate capabilities expected in the Tool's execution environment.

• Inline Javascript

  • The Tool contains a property with a JavaScript expression to resolve it's value.

• Initial workdir

  • The workdir can be any of the following types:

    • String or Expression — A string or JavaScript expression, eg, $(inputs.InputFASTA)

    • File or Dir — A map of one or more files or directories, in the following format: {type: array, items: [File, Directory]}

    • Dirent — A script in the working directory. The Entry name field specifies the file name.

• Scatter feature — Indicates that the workflow platform must support the scatter and scatterMethod fields.

Tool Arguments Tab

The Tool Arguments tab provides options to configure base command parameters that do not require user input.

Tool arguments may be one of two types:

• String or Expression — A literal string or JavaScript expression, eg --format=bam.

• Binding — An argument constructed from the binding of an input parameter.

The following table describes the argument input fields.

Example

Tool Inputs Tab

The Tool Inputs tab provides options to define the input files and directories for the tool. The following table describes the input and binding fields. Selecting multi value enables type binding options for adding prefixes to the input.

Tool Settings Tab

The Tool Settings tab provides options to define parameters that can be set at the time of execution. The following table describes the input and binding fields. Selecting multi value enables type binding options for adding prefixes to the input.

Tool Outputs Tab

The Tool Outputs tab provides options to define the parameters of output files.

The following table describes the input and binding fields. Selecting multi value enables type binding options for adding prefixes to the input.

Tool CWL Tab

The Tool CWL tab displays the complete CWL code constructed from the values entered in the other tabs. the CWL code automatically updates when changes are made in the tool definition tabs, and any changes to the CWL code are reflected in the tool definition tabs.

❗️ Modifying data within the CWL editor can result in invalid code.

Edit a Tool

1. From the System Settings > Tool Repository page, select a tool.

2. Select Edit.

Update Tool Status

1. From the System Settings > Tool Repository page, select a tool.

2. Select the Information tab.

3. From the Status drop-down menu, select a status.

4. Select Save.

Import Tool

In addition to the interactive Tool builder, the platform GUI also supports working directly with the raw definition when developing a new Tool. This provides the ability to write the Tool definition manually or bring an existing Tool's definition to the platform.

A simple example CWL Tool definition is provided below.

#!/usr/bin/env cwl-runner

cwlVersion: v1.0
class: CommandLineTool
label: echo
inputs:
  message:
    type: string
    default: testMessage
    inputBinding:
      position: 1
outputs:
  echoout:
    type: stdout
baseCommand:
- echo

When creating a new Tool, navigate to System Settings > Tool Repository > your_tool > Tool CWL tab to show the raw CWL definition. Here a CWL CommandLineTool definition may be pasted into the editor. After pasting into the editor, the definition is parsed and the other tabs for visually editing the Tool will populate according to the definition contents.

Creating Your First Tool - Tips and Tricks

• General Tool - includes your base command and various optional configurations.

  • The base command is required for your tool to run, e.g. python /path/to/script.py such that python and /path/to/script.py are added in separate lines.

  • Inline Javascript requirement - must be enabled if you are using Javascript anywhere in your tool definition.

  • Initial workdir requirement - Dirent Type

    • Your tool must point to a script that executes your analysis. That script can either be provided in your Docker image or using a Dirent. Defining a script via Dirent allows you to dynamically modify your script without updating your Docker image. In order to define your Dirent script define your script name under Entry name (e.g. runner.sh) and the script content under Entry. Then, point your base command to that custom script, e.g. bash runner.sh.

❗ What's the difference between Settings and Arguments?

Settings are exposed at the pipeline level with the ability to get modified at launch, while Arguments are intended to be immutable and hidden from users launching the pipeline.

• How to reference your tool inputs and settings throughout the tool definition?

  • You can either reference your inputs using their position or ID.

    • Settings can be referenced using their defined IDs, e.g. $(inputs.InputSetting)

    • All inputs can also be referenced using their position, e.g. bash script.sh $1 $2

In order to run Nextflow pipelines, the following process-level attributes within the Nextflow definition must be considered.

System Information

(*) Pipelines will still run when 20.10.0 will be deprecated, but you will no longer be able to choose it when creating new pipelines.

Nextflow Version

You can select the Nextflow version while building a pipeline as follows:

Compute Node

For each compute type, you can choose between the scheduler.illumina.com/lifecycle: standard (default - AWS on-demand) or scheduler.illumina.com/lifecycle: economy (AWS spot instance) tiers.

Compute Type

pod annotation: 'scheduler.illumina.com/presetSize', value: 'fpga-medium'

process foo {
    // Assuming that params.compute_size is set to a valid size such as 'standard-small', 'standard-medium', etc.
    pod annotation: 'scheduler.illumina.com/presetSize', value: "${params.compute_size}"
}

// Set the default pod
pod = [
    annotation: 'scheduler.illumina.com/presetSize',
    value     : 'standard-small'
]

withName: 'big_memory_process' {
    pod = [
        annotation: 'scheduler.illumina.com/presetSize',
        value     : 'himem-large'
    ]
}

// Use an FPGA instance for dragen processes
withLabel: 'dragen' {
    pod = [
        annotation: 'scheduler.illumina.com/presetSize',
        value     : 'fpga-medium'
    ]
}

Inputs

Outputs

publishDir 'out', mode: 'symlink'

Nextflow Configuration

Syntax highlighting is determined by the file type, but you can select alternative syntax highlighting with the drop-down selection list.

The following configuration settings will be ignored if provided as they are overridden by the system:

executor.name
executor.queueSize
k8s.namespace
k8s.serviceAccount
k8s.launchDir
k8s.projectDir
k8s.workDir
k8s.storageClaimName
k8s.storageMountPath
trace.enabled
trace.file
trace.fields
timeline.enabled
timeline.file
report.enabled
report.file
dag.enabled
dag.file

To use a reference set from within a project, you have first to add it. From the project's page select Flow > Reference Data > Manage > +Add to project. Then select a reference set to add to your project. You can select the entire reference set, or click the arrow next to it to expand it. After expanding, scroll to the right, to see the individual reference files in the set. You can select individual reference files to add to your project, by checking the boxes next to them.

Note: Reference sets are only supported in Graphical CWL pipelines.

Copying Reference Data to other Regions

1. Navigate to Reference Data (outside of Project context).

2. Select the data set(s) you wish to add to another region and select Actions > Copy to another project.

3. Select a project located in the region where you want to add your reference data.

4. You can check in which region(s) Reference data is present by double-clicking on individual files in the Reference set and viewing Copy Details on the Data details tab.

5. Allow a few minutes for new copies to become available before use.

Note: You only need one copy of each reference data set per region. Adding Reference Data sets to additional projects set in the same region does not result in extra copies, but creates links instead. This is done from inside the project at Projects > <your_project> > Flow > Reference Data > Manage > Add to project.

Creating a Pipeline with Reference Data

To create a pipeline with a reference data use the CWL - graphical mode (important restriction: as of now you cannot use reference data for pipelines created in advanced mode). Use the reference data icon instead of regular input icon. On the right hand side use the Reference files submenu to specify the name, the format, and the filters. You can specify the options for an end-user to choose from and a default selection. You can select more than 1 file, but you can only select 1 at a time (so, repeat process to select multiple reference files). If you only select 1 reference file, that file will be the only one users can use with your pipeline. In the screenshot a reference data with two options is presented.

If your pipeline was built to give users the option of choosing among multiple input reference files, they will see the option to select among the reference files you configured, under Settings.

After clicking the magnifying glass icon the user can select from provided options.

Compute Type

To specify a compute type for a CWL CommandLineTool, use the ResourceRequirement with a custom namespace.

requirements:
    ResourceRequirement:
        https://platform.illumina.com/rdf/ica/resources:type: fpga
        https://platform.illumina.com/rdf/ica/resources:size: small 
        https://platform.illumina.com/rdf/ica/resources:tier: standard

For example, take the following ResourceRequirements:

requirements:
    ResourceRequirement:
      ramMin: 10240
      coresMin: 6

This would result in a best fit of standard-large ICA Compute Type request for the tool.

• If the specified requirements can not be met by any of the presets, the task will be rejected and failed.

• FPGA requirements can not be set by means of CWL ResourceRequirements.

• The Machine Profile Resource in the graphical editor will override whatever is set for requirements in the ResourceRequirement.

Considerations

If no Docker image is specified, Ubuntu will be used as default. Both : and / can be used as separator.

CWL Overrides

In ICA you can provide the "override" recipes as a part of the input JSON. The following example uses CWL overrides to change the environment variable requirement at load time.

icav2 projectpipelines start cwl cli-tutorial --data-id fil.a725a68301ee4e6ad28908da12510c25 --input-json '{
  "ipFQ": {
    "class": "File",
    "path": "test.fastq"
  },
  "cwltool:overrides": {
  "tool-fqTOfa.cwl": {
    "requirements": {
      "EnvVarRequirement": {
        "envDef": {
          "MESSAGE": "override_value"
          }
        }                                       
       }
      }
    }
}' --type-input JSON --user-reference overrides-example

A Pipeline is a series of Tools with connected inputs and outputs configured to execute in a specific order.

Create a Pipeline

Pipelines are created and stored within projects.

1. Navigate to Projects > your_project > Flow > Pipelines > +Create.

2. Select CWL Graphical, CWL code (XML / JSON) or Nextflow (XML / JSON) to create a new Pipeline.

3. Configure pipeline settings in the pipeline property tabs.

4. When creating a graphical CWL pipeline, drag connectors to link tools to input and output files in the canvas. Required tool inputs are indicated by a yellow connector.

5. Select Save.

You can edit pipelines while they are in Draft or Release Candidate status. Once released, pipelines can no longer be edited.

Pipeline Properties

The following sections describe the tool properties that can be configured in each tab of the pipeline editor.

Graphical vs Code definition

Depending on how you design the pipeline, the displayed tabs differ between the graphical and code definitions. For CWL you have a choice on how to define the pipeline, Nextflow is always defined in code mode.

Any additional source files related to your pipeline will be displayed here in alphabetical order.

See the following pages for language-specific details for defining pipelines:

Details

The details tab provides options for configuring basic information about the pipeline.

The following information becomes visible when viewing the pipeline details.

The clone action will be shown in the pipeline details at the top-right. Cloning a pipeline allows to create modifications without impacting the original pipeline. When cloning a pipeline, you become the owner of the cloned pipeline.

When you clone a Nextflow pipeline, a verification of the configured Nextflow version is done to ensure no deprecated versions are used.

Documentation

The Documentation tab provides options for configuring the HTML description for the tool. The description appears in the tool repository but is excluded from exported CWL definitions. If no documentation has been provided, this tab will be empty.

Definition (Graphical)

When using graphical mode for the pipeline definition, the Definition tab provides options for configuring the pipeline using a visualization panel and a list of component menus.

XML Configuration / JSON Inputform Files (code)

This page is used to specify all relevant information about the pipeline parameters.

Analysis Report (Graphical)

The Analysis Report tab provides options for configuring pipeline execution reports. The report is composed of widgets added to the tab.

Configure Pipeline Analysis Report (Graphical CWL Only)

The pipeline analysis report appears in the pipeline execution results. The report is configured from widgets added to the Analysis Report tab in the pipeline editor.

1. [Optional] Import widgets from another pipeline.

   1. Select Import from other pipeline.

   2. Select the pipeline that contains the report you want to copy.

   3. Select an import option: Replace current report or Append to current report.

   4. Select Import.

2. From the Analysis Report tab, select Add widget, and then select a widget type.

3. Configure widget details.

   Widget

   Settings

   Title

   Add and format title text.

   Analysis details

   Add heading text and select the analysis metadata details to display.

   Free text

   Add formatted free text. The widget includes options for placeholder variables that display the corresponding project values.

   Inline viewer

   Add options to view the content of an analysis output file.

   Analysis comments

   Add comments that can be edited after an analysis has been performed.

   Input details

   Add heading text and select the input details to display. The widget includes an option to group details by input name.

   Project details

   Add heading text and select the project details to display.

   Page break

   Add a page break widget where page breaks should appear between report sections.

4. Select Save.

Free Text Placeholders

Metadata Model

Nextflow Files (code)

Main.nf (code)

The Nextflow project main script.

Nextflow.config (code)

The Nextflow configuration settings.

CWL files (code)

Workflow.cwl (code)

The Common Workflow Language main script.

+ Create (code)

Multiple files can be added to make pipelines more modular and manageable.

Syntax highlighting is determined by the file type, but you can select alternative syntax highlighting with the drop-down selection list. The following formats are supported:

• DIFF (.diff)

• GROOVY (.groovy .nf)

• JAVASCRIPT (.js .javascript)

• JSON (.json)

• SH (.sh)

• SQL (.sql)

• TXT (.txt)

• XML (.xml)

• YAML (.yaml .cwl)

Compute Nodes

For each process defined by the workflow, ICA will launch a compute node to execute the process.

• For each compute type, the standard (default - AWS on-demand) or economy (AWS spot instance) tiers can be selected.

• When selecting an fpga instance type for running analyses on ICA, it is recommended to use the medium size. While the large size offers slight performance benefits, these do not proportionately justify the associated cost increase for most use cases.

• When no type is specified, the default type of compute node is standard-small.

By default, compute nodes have no scratch space. This is an advanced setting and should only be used when absolutely necessary as it will incur additional costs and may offer only limited performance benefits because it is not local to the compute node.

For simplicity and better integration, consider using shared storage available at /ces. It is what is provided in the Small/Medium/Large+ compute types. This shared storage is used when writing files with relative paths.

Compute Types

Daemon sets and system processes consume approximately 1 CPU and 2 GB Memory from the base values shown in the table. Consumption will vary based on the activity of the pod.

Start a New Analysis

Use the following instructions to start a new analysis for a single pipeline.

1. Select a project.

2. From the project menu, select Flow > Pipelines.

3. Select the pipeline or pipeline details of the pipeline you want to run.

4. Select Start Analysis.

5. Configure analysis settings. See Analysis Properties.

6. Select Start Analysis.

7. View the analysis status on the Analyses page.

   • Requested—The analysis is scheduled to begin.

   • In Progress—The analysis is in progress.

   • Succeeded—The analysis is complete.

   • Failed and Failed Final—The analysis has failed or was aborted.

8. To end an analysis, select Abort.

9. To perform a completed analysis again, select Re-run.