9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL rl.ac.uk 9 April 1999 (

9-Apr-99D.P.Kelsey, HTASC report2 HTASC #11 4th/5th March 1999, CERN Agenda Routine business –including Roundtable update Report from HEPNT group Report from Security group Y2k problem Software licensing

9-Apr-99D.P.Kelsey, HTASC report3 HTASC Membership Two new members –Ola Borrebaek (Norway) –Nicanor Colino (Spain) Still no participation from Austria, Finland, Greece, Portugal and Sweden HTASC #11 –15 members in attendance

9-Apr-99D.P.Kelsey, HTASC report4 Roundtable update Essentially unanimous agreement –European network (TEN-155) is good –poor/unusable access to USA Some concern (privacy implications) about CERNs monitoring of network traffic Network charging (CH by volume, HU by bandwidth, UK/transatlantic by volume) Increasing activity in Video Conferencing Linux growing fast –worries about support and user-managed systems

9-Apr-99D.P.Kelsey, HTASC report5 HEPNT Open Meeting: 2-4 Dec 98 (CERN) – successful first meeting –67 participants from 11 countries (incl. USA and Canada) important themes –Installation, configuration and management –Windows 2000 (NT V5) –Security –UNIX/NT integration –File serving/sharing –HEP applications on NT

9-Apr-99D.P.Kelsey, HTASC report6 HEPNT (2) 28/29 Jan 99: closed meeting (CERN) WAN file sharing –INFN proposal for WAN NT domain –Identified need for tests of RAS/PPTP over Internet –AFS/NT is the interim solution –WWW is likely to be the future Windows 2000 (NT5) –several test domains exist –more are coming (e.g. a CERN WG) –useful to collaborate on migration to Windows 2000 Aim to complete web pages by June 99

9-Apr-99D.P.Kelsey, HTASC report7 HEPNT (3) Future plans –HEPiX (14-16 April 99 at RAL) includes various NT talks –20/21 May 99 closed HEPNT (DESY-Zeuthen) finalise web pages review mandate (report back to HTASC/HEPCCC) plans for Windows 2000 –joint HEPiX/HEPNT meeting (USA, Autumn 99) 2nd Open HEPNT meeting (1st in USA) –Windows 2000 migration group?

9-Apr-99D.P.Kelsey, HTASC report8 Security Group New group, created at last HEP-CCC See next 7 slides from Tobias Haas (chairman) report delayed until June 99 HTASC meeting

4-Mar-99HTASC security, Tobias Haas9 Mandate Draft Mandate of HTASC Computer/Network Security Subgroup ================================================ Advise HTASC/HEPCCC on Computer and Network Security needs and to suggest policies to meet those needs for HEP laboratories and institutes by defining computer/network security guidelines for HEP institutions, estimating the resources needed to implement such guidelines, suggesting means of communication between the institutions in case of security incidents.

4-Mar-99HTASC security, Tobias Haas10 Membership(updated) A. Flavell (UK) J. Gamble (CERN) T. Haas (Germany/Chair) J. Kadlecsik (Hungary) W. Niepraschk (Germany/DESY) to be confirmed... R. Cowles (SLAC)? B. Perrot (LAL, Orsay)? E. Wassenar (NIKHEF)?

4-Mar-99HTASC security, Tobias Haas11 Schedule Report to March HEPCCC. Delayed by Chairmans fault. Plan now: –get going during this meeting –circulate draft recommendation soon after –finalize asap.

4-Mar-99HTASC security, Tobias Haas12 Basic Ideas General Awareness Scope of Security Summarize activities in various labs/universities Extract common trends/recommendations

4-Mar-99HTASC security, Tobias Haas13 Organizational Issues Management Support –responsibilities coordination team expert team –policy –personnel issues National Specialties National/International Support

4-Mar-99HTASC security, Tobias Haas14 Technical Issues Firewalls Monitoring Different Operating Systems Examples for general good practice –passwords –file protections Hot Topics

4-Mar-99HTASC security, Tobias Haas15 Emergency Procedures WWW –When? –Who? –What?

9-Apr-99D.P.Kelsey, HTASC report16 Y2k problem brief discussion at HTASC #10 and last HEPCCC Lab infrastructure is assumed to be under control - if not, already too late! HTASC is concerned with the experimental collaborations Wolfgang Tejessey (Y2k coordinator for CERN/EP) told us about CERNs Y2k work See Wolfgangs slides (below)slides

9-Apr-99D.P.Kelsey, HTASC report17 Y2k problem(2) HTASC was impressed by the work under way at CERN There seems to be nothing similar at DESY –HERA will run over the 1999/2000 rollover! Many experiments have done a lot of work But… no room for complacency Should continue to raise awareness (aim for 100%) –particularly at DESY? Requiring documentation (e.g. web) makes collaborations consider the problem

9-Apr-99D.P.Kelsey, HTASC report18 Y2k problem(3) HTASC recommends… HEP-CCC should continue to remind HEP experiments: It is their duty to analyse and fix Y2k problems. They should document their strategy and decisions. Highest priority to be given to matters of safety and mission-critical items. should include detailed 99/00 roll-over plans (shutdown, startup, availability of experts etc.) Contingency plans should be made for mission- critical items

9-Apr-99D.P.Kelsey, HTASC report19 Software licensing HTASC discussion... HEP has decided to use more commercial software. Computer hardware is getting cheaper. BUT, commercial software costs are high! Many, particularly poorer institutes, find that the costs are too large, both for initial licenses and ongoing maintenance, when not centrally funded It used to be relatively easy to buy expensive hardware, but it is much more difficult to obtain funding for software!

9-Apr-99D.P.Kelsey, HTASC report20 Software licensing (2) Some examples (figures are only illustrative!): NIKHEF PCs recently installed at FNAL (D0) –3K NLG/PC (2K CHF/PC) for software package –includes 500 CHF for the KAI compiler Objectivity –$150k for 100 licenses (10% development) –$2.5k/user for a full development license (or 10KDM) LSF (batch) –recently become more expensive –$150/cpu (or 600 DM/cpu) –clients cost ~20% of server license

9-Apr-99D.P.Kelsey, HTASC report21 Software licensing (3) Consequences of these high costs... Objectivity –DESY (Hera) would like to use LHC++/Objectivity –investigating use of ROOT and JAS instead Batch systems –CERN (and other places) have chosen LSF to replace NQS –but high cost has resulted in Italy using Condor and IN2P3 developing something on top of NQS This causes problems for University groups having to support different experiments using different s/w The (hidden) costs of supporting multiple packages should be included in any cost/benefit analysis

9-Apr-99D.P.Kelsey, HTASC report22 Software licensing (4) Discussion on GEANT4 –Institutes & experiments have signed MOU (Jan99) –Those not signing will receive worse support and lower priority for the development of specific needs –Some in HTASC were not happy about this –There was also a worry that GEANT4 may require some components of LHC++, which may not be available To summarise (last three slides) –there is a great danger of splitting the community e.g. LHC++ for CERN experiments, but not for others –there is room for coordination

9-Apr-99D.P.Kelsey, HTASC report23 Software licensing (5) HTASC recommends... HEP should strive to find the funds for chosen commercial software. A split between physicists having and not having access to the software must be avoided. All efforts should be made to make these standard packages affordable to everyone, including small institutes (HEP-wide deals, central funding etc.). The use of non-standard commercial software in HEP-developed packages should be discouraged.

9-Apr-99D.P.Kelsey, HTASC report24 Future HTASC meetings 10/11 June, 1999 (NIKHEF) –Report from the Security group –Video conferencing 7/8 October, 1999 (CERN) –experience of OO technology (e.g. BaBar) and requirements for training –Networking issues, e.g. differentiated services

9-Apr-99D.P.Kelsey, HTASC report25 Summary HTASC invites HEP-CCC to take note of recommendations –on Y2K –on Software licensing