Editorial
Forum for Readers
Announcements
Physics Computing
Desktop Computing
Internet Services and Network
Technical Computing
Desktop Publishing
Education & Documentation
Just For Fun ...
If you need help
Editorial Information
|
HEPiX-HEPNT - TRIUMF, Vancouver (October 2003)
Alan Silverman
, IT/PS
(with help from Helge Meinhard and others)
Abstract
This article is intended to give a global picture of the last
HEPiX-HEPNT meeting which took place at TRIUMF, Vancouver, in
October 2003. We apologize for the fact that, due to the number of
talks and the quite high level technically, this summary looks more like a
series of bullets which covers only some
of the most important points. A complete
and detailed "Trip Report" is available at:
http://www.triumf.ca/hepix2003/pres/24-03/summary/summary.pdf
Highlights
- High attendance for a meeting in North America - the attraction
of Vancouver as a site and security as a subject were cited as
possible reasons, as well as the increasing visibility of HEPiX
- Excellent organisation
- Redhat discussions: although the Redhat speaker did not tell us
anything new (and several attendees expressed disappointment that
he did not announce the solution to our current problem), he did
impress some of us with his sense of commitment to finding a
solution for the current support situation. It seems clear that
Redhat themselves are still working through the ramifications of
their new release policy. [And discussions continue by e-mail since
the meeting.]
- The internal discussion on Redhat the following day seemed to
confirm that the negotiations being undertaken by SLAC, FNAL and
CERN as representatives of the wider HEP community are supported
(although not all sites were represented by decision makers)
- First (?) appearance of vendor exhibits at HEPiX plus talks
from commercial vendors (especially Redhat and Microsoft).
- Sharing of code among HEP sites (CERN's print manager in use in
LAL; SLAC's console management tool being adopted by CERN via a
collaboration; SLAC's monitoring tool used in DESY Zeuthen;
etc)
- A very interactive Large Security SIG all-day session on the
topic of Security. The security officers of all the major sites
were present and the atmosphere often was more of an interactive
workshop.
- The forming of a forum for Mass Storage Systems'
interoperability.
Site Reports
As usual the meeting started with site reports from all the
different laboratories. Various HEP institutes have reported on
their internal solution and implementation regarding:
- Central and distributed computing: Unix is represented with
Linux and Solaris. For Linux both Red Hat (different versions) and
SuSE (at DESY) are implemented. For desktop computing migration to
Windows XP has been done, or is being done in most sites,
- Batch services,
- Backup, disk storage and mass storage,
- Central mail services (including problems with spam) - most of
the laboratories are using central Exchange servers,
- Security,
- Grid activities: LCG integration, test bed for EDG,
etc.
Specific points that have been raised by the
laboratories in their respective site report,
in no particular order:
- Oxford University Particle Physics: plans are to continue
network security and reduce number of Operating Systems. Problems
are the choice for laptops and Red Hat version.
- IN2P3: There are no on-site users, no accelerators or experiments.
All resources are shared and common, except for a small dedicated
grid testbed for software development.
- SLAC: BaBar experiment has resumed data taking in September.
This was seen as a good startup at high rates. They are converting
to a new computing model: Babar events are stored in Root, but
conditions and some metadata are still based on Objectivity.
- Triumf/UBC is the first HEP site to install a large blade cluster
(WestGrid). They are involved in the 10 Gbps link to CERN and achieved
5.5 Gbps sustained.
- LAL: an important issue they have to address is about home
machines connecting to the Lab, despite the instructions that are
provided.
- RAL: they have a new helpdesk, replacing Remedy by Request
Tracker. Outstanding issues are many new developments and services,
P4 Xeon experience giving poor performance, and the Red Hat support
policy.
- GSI: AIX and Windows servers (mail, DHCP, DNS) are being
migrated to Linux.
- BNL: Their future plans are the expansion of the Linux farm,
more scalable solutions for file serving (Panasys, dCache), and to
provide grid services (US Atlas Grid Testbed).
- DESY: Linux will be based on SuSE (mainly on user demand): new
setup routines are being prepared, and new central software
distribution concept will be defined (no longer AFS based). For
future releases, they are considering Debian as well. Grid
activities: centrally supported pool (EDG 1.4) for all Hera groups,
based on SuSE (all tools ported). DESY is a cooperating member of
EGEE, and a founding member of dGrid.
- Jefferson Lab: future plans are standard windows builds
(server, IIS server, desktop, laptop), backup migration to Reliaty,
ssh v2 study. They will continue development for JASMine (batch
farm management and monitoring).
- NIKHEF: they have phased out HP, SGI, and SuSE (keeping only
Solaris and Red Hat Linux). Some parts of the network
infrastructure in the Computer Center have been migrated to Gigabit
Ethernet. They provide a development and application testbed for EDG
(140 nodes, 5 TB), contributing to data challenges of D0 and LHC
experiments. They will be involved in LCG and EGEE.
Presentations
More specific presentations were given on:
- Castor evolution at CERN (by Jean-Damien Durand),
- First experience with Windows Terminal Services at CERN (by
Alberto Pace),
- New fabric management tools in production at CERN (by Thorsten
Kleinwort),
- Mail service at GSI (by Karin Miers),
- CVS status and tools at CERN (by Sebastian Lopienski),
- CERN's Solaris Service Update (porting of EDG WP4 Quattor to
Solaris and status of SUNDEV),
- APT for RPM - Simplified Package Management (tool used by INFN
Napoli for installing their Redhat systems),
- PDSF Host Database Project (for inventory management and
tracking),
- CERN's Console Management Infrastructure (by Helge
Meinhard),
- Debian at GSI (with a comparison with Redhat and SuSE releases
of Linux),
- Web-Based File Systems and Webdav (HTTP protocol extension for
file access via the web),
- Delegating NIS Group Administration (by Alf Wachsmann, SLAC's
system administrator),
- Exchange Deployment and Spam Fighting at CERN (by Alberto
Pace),
- Spam Fighting at TRIUMF,
- Redhat Linux (Don Langley, Redhat sales manager covering
California including SLAC, was invited to discuss the situation
around Redhat),
- AFS Cross-Cell Authentication Using Kerberos 5 (at INFN),
- ADC Tests (various "research activities" going on inside IT/ADC
group at CERN in view of the approaching LHC, including the CERN openlab
initiative and the opencluster),
- Redhat Linux Support Policy (interactive session on reactions
to and consequences of the new Redhat support policy),
- New HEPiX Scripts,
- TiBS - AFS Backup at FNAL,
- TRIUMF Computing Services,
- LCG-1 Status and Deployment,
- LCG Overview and Scaling Challenge,
- Windows Server Hardware Management at DESY,
- Windows and UNIX Interoperability (talk by
Microsoft on tips and tricks to make Windows and UNIX work
together),
- CERN Print Manager Abroad,
- Panasas's Object-Based Storage (Scalable Bandwidth for
Clusters),
Security
One day of the meeting was devoted to "Security". Bob Cowles of
SLAC started the sessions organised under the banner of the Large
System SIG of HEPiX by reviewing recent security "events". He began
by showing the effect on network traffic of the Slammer attack and
how prompt remedial action had prevented a much worse problem. But
it did show how little system patching goes on. As seen in CERN and
elsewhere, he described how the infections arrived in SLAC (VPN,
DHCP, etc) and the steps taken to "encourage" users to patch their
systems. Afterwards, various presentations were made on:
- CERN's Reactions to Recent Attacks,
- Opportunities for Collective Incident Response,
- LCG Security Update,
- Security Components on CERN Farm Nodes,
- Root Kit Detection Tools (from NERSC/PDSF),
- PKI Tutorial,
- CERN's Computer Security Challenge,
- Security Update from KEK,
- Cluster Security at SLAC,
- A Walk Through a Grid Security Incident.
Parallel Sessions (and Workshops)
The last day consisted of 3 parallel sessions:
- Windows Birds of a Feather, leading to discussions on patch
distribution on Windows (using SMS, SUS and group policies) and the
SLAC password synchronization project between Unix/Windows.
- a discussion on how to further the security team collaboration
ideas proposed by Matt Crawford of FNAL for a possible
collaboration in fighting security attacks.
- a video-conference on mass storage with participation remotely
from amongst others FNAL and RAL. The objective was to prepare a fuller
program of mass storage presentations as the theme of the next
Large System SIG day at the Edinburgh HEPiX.
|