Site Report: CERN Helge Meinhard / CERN-IT HEPiX, Jefferson Lab 09 October 2006
Communication Systems Checking VoIP and possible gateways New audio conference system with Web- based booking New LCG backbone in CERN CC fully operational Existing LCG services being migrated
Database and Engineering Support Oracle Licence agreement for LHC covering 10 of the 11 Tier 1 sites as well Very serious bug in : Wrong cursor sharing Took several weeks to provide a fix Evaluating NAS storage for databases Twiki: migrated to version 4 See talk by Hege Hansbakk later CVS services going well CMS moved their repositories
Fabric Infrastructure and Operation (1) Linux SLC4 for LHC startup (SLC5 too late, probably not before 2Q or 3Q 2007) Support for SLC3 to stop October 2007 SLC4 capacity set up in lxplus and lxbatch Operations contract re-tendered SURE (alarm GUI for CC operators) replaced by LAS Lots of service interruptions Power cuts Partly site-wide Failures of air conditioning Emergency shutdown of non-critical machines
Fabric Infrastructure and Operations (2) Machines coming in 95 serial console concentrators 30 dual-core AMD servers (yeah…) 100 CPU servers (dual-core Woodcrest) 200 midrange servers 60 disk arrays 50 small disk servers Partly need 100 cm deep racks In the pipeline: 650 CPU servers, 180 big disk servers Study cases: fat disk servers (SW RAID?), virtualisation Technical student working on IPMI functionality and deployment
Fabric Infrastructure and Operations (3) New tapes / robots from IBM and Sun tested extensively Tender based on service for Petabytes, including all media costs Final decision awaiting approval by CERN Finance Committee More detailed planning for LHC accelerator start-up “January 2007” delivery is probably the only one for 2007 Service Level Status Overview See talk by Sebastian Lopienski later
Fabric Infrastructure and Operations (4) Castor 2 Most migrations done Positive conclusions from Castor Readiness review Backup TSM based, 35% annual growth rate Working on replacing AIX servers by Linux Console manager software Lots of improvements, common code repository SLAC/CERN S.M.A.R.T. sensors now used to raise alarms See talk by Tony Cass later Odds and ends Faulty disk sleds replaced by cages on 60 older disk servers Firmware upgraded on 1300 SATA disks
Grid deployment Upgrade to gLite 3 went very well Service challenge 4 ongoing Not yet production quality everywhere Workshop for Tier 2s very successful
Internet Services (1) Insecure mail protocols switched off POP / IMAP without SSL Anonymous SMTP Anonymous LDAP Evaluating providers of real-time spam blocking lists Whitelisted collaborating labs
Internet Services (2) Printing: Printers being moved from old Linux boxes to Windows servers No server-side processing any more Windows on demand: virtual servers in production See presentation at HEPiX Rome CERN CA production-ready, awaiting accreditation Users on XP without admin privileges by default
Internet services (3) Computer Management Framework (CMF) put into production Presented at HEPiX in Rome Flexible choice of setup while maintaining strong management (patches can be forced) Few initial hiccups, but now going well Odds and ends 24 power supply modules broke – servers had been switched off, but connected to AC power. PSU fans not spinning, overheat
Physics Services Support All physics database services migrated to Oracle RAC Two new RAC installations (30 servers, 30 disk arrays each) being set up
Computer Security Mac OS X: Exploits have been seen CERN firewall: All TCP and UDP ports closed by default Some Linux boxes root-compromised due to weak passwords Serious security hole in VNC product has accelerated VNC port blockage Reviewing the need for outside visible ssh servers (reduced by 80%) Compromised Web server (vulnerable PHP scripts) Insecure security products Vulnerability in Symantec AntiVirus
Miscellaneous Computer user registration: CCDB replaced by CRA Accounts blocked automatically CERN Openlab phase 2: HP, Intel, Oracle as partners, some more contributors CERN active in Open Access initiative