Computer and Network Infrastructure for the LHCb RTTC Artur Barczyk CERN/PH-LBC RTTC meeting, 24.02.05.

Presentation transcript:


Slide 2: Background

RTTC installation in 157:
- 2 Farms (23 nodes each)
- Data server(s)
- Data network
- Control PCs
- Control network

This talk covers the “low level” infrastructure, i.e. common services needed to operate a network.

LHCb private network (similar to the future situation in the pit):
- Our own domain (daq.lhcb)
- Freedom of installation and configuration
  - Addition of HW
  - Change of network structure as needed
  - …
- All services installed and maintained by LBC
- Starting point for future installation in the pit

Slide 3: The daq.lhcb domain

- Connection to CERN network through a single gateway
- All security measures concentrated in the gateway (bastion host)
- All RTTC traffic local to the daq.lhcb domain

[Diagram labels: 157, IT, Gateway, Control, Farms, Servers, daq.lhcb]

Slide 4: Domain services

- DNS
  - Name lookup in the domain
- NFS
  - Shared disk access, in particular for disk-less nodes
- DHCP, TFTP
  - All host addresses via DHCP
  - Boot server for nodes
- NTP
  - For time synchronisation of all hosts
- Kerberos
  - Authentication
- NIS
  - Authorization

Existing from switch test bed

Slide 5: Security

Concentrated in the gateway (already in place):
- Firewall
  - SSH connections only
  - A few selected services (like e.g. NTP sourcing from ip-time)
- Intrusion Detection System (IDS)
- The only host visible/accessible from outside daq.lhcb
  - If needed for RTTC, we can NAT selected hosts (e.g. control PCs)
- No AFS logins beyond this point
  - The price to pay for flexibility
  - Would necessitate an AFS server inside our domain (maybe for installation in the pit?)

Important for performance: no firewall needed in the nodes!
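
The gateway policy on the Security slide, written out as an nftables ruleset. This is an added example, not the configuration used for the RTTC: the interface names and the 192.0.2.10 address standing in for ip-time are assumptions, and `nat_hosts` is a hypothetical set name.

```nft
#!/usr/sbin/nft -f
# Added example, not from the talk. Assumed values: interface names and the
# placeholder address (documentation range) standing in for "ip-time".
flush ruleset

define ext_if  = "eth0"        # assumed: faces the CERN network
define int_if  = "eth1"        # assumed: faces daq.lhcb
define ip_time = 192.0.2.10    # placeholder for the NTP source ip-time

table inet gateway {
    # Hosts allowed out through NAT. Empty by default: nothing is forwarded.
    set nat_hosts {
        type ipv4_addr
    }

    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop
        # "SSH connections only": the one service the gateway offers.
        tcp dport 22 ct state new accept
        limit rate 10/minute log prefix "gw-in-drop: "
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Only hosts explicitly added to nat_hosts may leave daq.lhcb.
        iifname $int_if oifname $ext_if ip saddr @nat_hosts accept
        limit rate 10/minute log prefix "gw-fwd-drop: "
    }

    chain output {
        type filter hook output priority filter; policy drop;
        oifname "lo" accept
        ct state established,related accept
        oifname $int_if accept
        # "A few selected services": NTP sourced from ip-time.
        oifname $ext_if ip daddr $ip_time udp dport 123 accept
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $ext_if ip saddr @nat_hosts masquerade
    }
}
```

With `nat_hosts` empty the domain stays fully isolated behind the gateway; a selected control PC is exposed to NAT by adding its address to the set, with no change to the chains. Any domain service hosted on the gateway itself would need its own accept rule on the internal interface.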

Slide 6: Overview

[Diagram labels: Gateway, DNS, NTP, Kerberos, NIS, NFS, daq.lhcb, cern.ch]

Slide 7: Data server

Possible (NAS) implementations:

1. Single server
   - Cheaper solution
   - Large disk space
   - Up to ~100 MB/s (?)
2. Blade server
   - More expensive
   - More CPU performance
   - Several 100 MB/s (c.f. Vincenzo’s studies)
3. Server farm
   - Why not reuse our old farm?
   - There’s 46 x 40 GB = 1.8 TB disk space (unused)
   - Distributed load and disk I/O
   - Injection SW basically same as in case 1

[Diagram labels: SRV, HEAD, SRV]

Slide 8: Data server farm

Perfectly suitable for MEP based data injection:
- MEP building in head server
- Fragment files stored on farm nodes

Possible file system solutions:
- NFS
- Parallel file system
- Local file systems, data read through socket connection

Expertise present for all 3 solutions.

Code running on head server same as when using a single file server.

Nice way to make use of the old (otherwise unused) farm nodes.

[Diagram labels: HEAD, SRV]