Welcome to HEPNT Gian Piero Siroli, Physics Dept., Univ. of Bologna LAL, HEPiX-HEPNT 2001

HEPiX-HEPNT 2001, LALGian Piero Siroli History u Windows 2000 Coordination subgroup created by HTASC/HEPCCC after the disbanding of HEPNT (mid98-mid99) u Meetings u Workshops: HEPNT Oct99 (CERN), joint HEPiX/NT Apr00 (Braunschweig), Oct00 (Jefferson Lab), Apr01 (LAL)

HEPiX-HEPNT 2001, LALGian Piero Siroli Mandate u To investigate and test the new features of Microsoft’s Windows 2000 operating system, with particular emphasis on those issues which may need coordination across HEP u To make recommendation to HTASC/HEPCCC on those areas where a coordinated migration plan is required. These plans should take into account any potential benefits, such as the integration with UNIX and improved access of shared resources across HEP u To share the expertise gained with other HEP windows system managers by organising an open windows 2000 workshop and/or by other appropriate means

HEPiX-HEPNT 2001, LALGian Piero Siroli Windows 2000 deployment u Almost a new op.sys. stable and reliable, scales; initial learning step; currently in deployment phase u Different deployment strategies, difficult inter-lab coordination u Single sign-on over HEP not feasible u HEP-wide forest almost impossible (shared common schema needed) u Recommendation: new W2K domain should be called “win” u Dynamic DNS (DDNS) useful and not necessary; no major interoperability problems with UNIX-based DNS

HEPiX-HEPNT 2001, LALGian Piero Siroli Common authentication u Unification of platform (W2K-UNIX) authentication via Kerberos u Precondition: common account database on UNIX and Windows u Investigations at the very beginning u a password synchronization mechanism between UNIX/AFS and Windows 2000 seems to be easy to implement u starting investigations in building a trust relationship between Kerberos 5 realm (MIT or Heimdal) and W2K AD

HEPiX-HEPNT 2001, LALGian Piero Siroli Security u Local issue for each lab u Access ports being closed u Which services need to be made available outside the lab? Currently Web is considered the primary technology for offering services outside the lab boundaries

HEPiX-HEPNT 2001, LALGian Piero Siroli Wide Area access across labs u Important feature for travelling users and optimized distribution of resources (both data and home directory folders) u Currently FTP only access mechanism; inadequate (FTP being closed and poor integration with Windows desktop) u Other mechanisms available: DFS, VPNs, web access (http or shhtp) have both advantages and disadvantages u No best solution recommended

HEPiX-HEPNT 2001, LALGian Piero Siroli Application support u Applications/tools deployment much better in W2K than previous platforms u Applications must be packaged and configured at the same time u Sharing packages across labs u preconditions and rules might be needed u lab specifics in MST u suggestion: create a common area to exchange a few packages and get some experience. Everybody is invited

HEPiX-HEPNT 2001, LALGian Piero Siroli Future? u W2K HTASC Coordination subgroup initial mandate terminated; very useful to exchange information and share experience u Further future needs for HEP-wide coordination? u UNIX-W2K integration/coexistence (e.g. Kerberos) u Data/home folder/resource sharing mechanisms, security related issues u Any other suggestion? u Agreed that the group should continue focusing on W2K issues; meetings should continue at least twice/year