
SFT group meeting Desktop Forum report Alberto AIMAR


1 SFT group meeting Desktop Forum report Alberto AIMAR alberto.aimar@cern.ch

2 Desktop Forum, September 15th 2005
- CNIC project update
- CRA, project status
- Linux update
- PC rental phase-out
- Fax services
http://agenda.cern.ch/fullAgenda.php?ida=a055754

3 Computing and Network Infrastructure for Controls CNIC
- What is CNIC?
- Why is CNIC necessary?
- CNIC definitions
- Changes for users once the CNIC policy is in place
- Network tools and policies for CNIC

4 What is CNIC
- CNIC-WG
  - Working Group delegated by the CERN Controls Board
    - Mandate covers only control systems, not office computing
  - Definition of
    - Security policy
    - Networking aspects
    - Operating systems (Windows and Linux)
    - Services and support
  - Members should cover all CERN controls domains and activities
    - Service providers
    - Service users

5 Networking (1/2)
- General Purpose Network (GPN)
  - Desktop Computing, testing, access from outside, …
- Technical and Experiment Network (TN and EN)
  - Only operational devices
  - Authorization procedure
- Inter domain communications
  - Application Gateways
  - Trusted services
- Dependencies
  - File systems (DFS, …)
  - databases (CERNDB, …)
  - servers (DNS, …)

6 Networking (2/2)
- Domain Gateway filters:
  - Only allow network traffic from trusted hosts
- Trusted hosts by controls networks:
  - IT/CS network services
  - Central IT services (e.g. AFS, DFS, NICE domain controllers, TSM backup servers, Oracle, ...)
  - Application Gateways (e.g. Windows Terminal Servers, Linux gateway servers)

7 Use Case - Office connection
- Connection to controls monitoring system (e.g. PVSS) from office PC
  - Connection to application gateway (e.g. Windows Terminal Server).
  - Open session to application (e.g. PVSS) with connection to controls machine and PLCs.

8 CRA Status (Administrative Information Services, CERN - Organisation Européenne pour la Recherche Nucléaire; Wim van Leersum/IT-AIS-F)
- First release (end of October ?):
  - Current CCDB functionality (account mgmt)
  - Data cleanup
  - Automatic account expiration
- Design finished
- Data base schema/User Interface implemented
- AIS and Nice account management tested

9 CRA current activities
- Data cleanup
  - Accounts review
  - Admin groups
  - Primary/Secondary account group
  - Ais/Nice Synchronization
  - Expired accounts removal
- Migration of Oracle users
- EDMS account management
- Training accounts mgmt

10 Linux SLC5
- Red Hat Enterprise Linux 5 / Scientific Linux 5:
  - up-to-date, including stable 2.6 kernel
  - BUT: release 2nd Q 2006
- Add 2-4 weeks for building SL5
  - Another 2-4 for building SLC5
- RedHat does not commit to any release date
  - but their product lifecycle is 12-18 months
  - ... may be too late for CERN full certification.

11 Linux SLC4
- Responsible for OS certification:
  - Linux Certification Committee
    - http://cern.ch/linux/documentation/LXCERT/
- Responsible for physics compilers/software stack certification:
  - LCG SPI (approved by Architects Forum)
- Certify twice
  - SLC4 – 'slowly' Q3/Q4 2005
  - SLC5 – 'fast' Q2 2006 (Q3 2006 ?)
- Use 'split certification'
  - Operating system
  - Experiments compilers plus software
- Decide deployment late... and then do it quickly !

12 Summary (DTF: Tim.Smith@cern.ch)
- No new rental agreements
  - (Already frozen 2 DTFs ago)
- Consider all past payments as capital repayments
- Send proposals to buy-out (by completing capital repayment) or return
  - Immediately (rather than wait for next contract renewal)

13 An opportunity for a better service
- A bi-directional FAX-EMAIL gateway
- Outgoing fax sent from email
- Supports Text, HTML, and all major file formats (including PDF, Office, drawings, etc)
- Robust decoding of attachments
- NEW: must be registered to use the service
- http://cern.ch/fax (part of the CERN mail services)
- Cover page can be customized
Email Syntax for fax: First.Lastname@number.mail2fax.cern.ch

14 … a better service …
- Incoming fax
- When registering (http://cern.ch/fax) every user obtains a unique phone number for his/her “virtual” fax machine
- 0041 22 766 xxxx,
- All faxes sent to the unique phone number will be digitized to PDF format and sent to the email of the user
- The default “cover page” contains the user name and the virtual fax number (so people can reply directly to a fax)

15 Status of the service
- The new service is production since beginning of September
- Already 270 users registered !
- Over 1100 faxes sent, 600 received
- Only staff members, fellows and service accounts can become registered user of the service
- This can change
- Telephone cost is not recharged but accounted. Abuses are monitored
- Work is being done to add the assigned “Fax number” in the CERN phone book

16 Desktop Forum, October 13th 2005
- CNIC / NICEFC - NICE For Controls
- CNIC / LINUXFC - LINUX For Controls
- Videoconferencing with VRVS/EVO (not reported here)
- AOB
http://agenda.cern.ch/fullAgenda.php?ida=a056481
By A.Pfeiffer

17 NICEFC strategy
- Three directions followed …
  - Improve the Windows installation services in a way where the configuration is read entirely from a central database (reinstalling a device restores its assigned applications)
  - Simplify the installation of Custom Terminal Servers to allow cloning of the current production service (application gateways)
  - Build a “Management Framework” where owners of machines can define and manage the exact configuration of computers under their control
    - Web based User Interfaces for administration
    - Central Configuration & Reporting Database
    - Client Service running on each participating Windows PC

18 Concrete results so far …
- Installation “from the network” in production since June
  - No need for floppy disk or CDs anymore
  - No need to preload disk images on new computers
  - See: http://cern.ch/Win/Services/Installation/Diane
- Application gateway “service” being prepared
  - Already 2 Terminal service gateways installed (AB/CO, TS/CV)
  - Starting point: a “clone” of the general purpose terminal server configuration
  - The service is not free and is charged on a yearly base
  - This ensures its scalability and focuses the effort on real needs
  - See:
    - http://cern.ch/Win/docs/serverservice
    - http://cern.ch/terminalservices

19 Concrete results so far …
- The “Management Framework” is available for test
  - Provides complete delegation of system administration to “locally managed” Sets
  - It allows the definition of “Named Set of Computers”
  - It allows to control which patches and applications are installed on these sets
    - Either “standard” centrally provided packages or created by local administrators
  - It allows to control WHEN the deployments take place
  - It allows to define specific policies for all sets
  - Hardware and Software Inventory and Metering possible using standard mechanisms
- A general solution for locally managed computers with a maximum reuse of standard packages prepared centrally

20 Linux For Controls Requirements
R1 The computers shall have well defined configurations
  - Only defined versions of defined packages shall be installed
  - It must be possible to have additional packages/versions on computers dedicated to test or development activities
  - Equipment responsible persons (at domain, NSC or node level) or the CERN CSO must be able to determine when to install patches and upgrades
R2 It must be possible to do a version rollback
  - It must be possible to go back to previous versions of configurations
  - It must be possible to go back to previous versions of packages installed

21 Linux For Controls Requirements
R3 It must be possible to manage computers by user-definable groups
  - It must be possible to define the responsibility for computers according to their functionality (NSC)
  - The configuration parameters must be definable according to the domain and NSC of the computer
R4 It must be possible to clone computer(s) and re-install from scratch
  - It must be possible to give a new computer the same configuration as an existing configured computer
  - For replacements or troubleshooting it must be possible to reinstall a computer from scratch

22 Linux For Controls Requirements
R5 It must be possible to validate changes before applying them
R6 It must be possible to verify the configuration
  - It must be possible to test if the real configuration is identical to the desired configuration
  - It must be possible to change the real configuration to the desired configuration
R7 It must be possible to manage user installed packages and patches

23 Linux For Controls Requirements
R8 It must be possible to do remote system management
R9 Minimal Execution Rights
  - It must be possible to restrict the execution rights of the accounts for certain applications
R10 It must be possible to disable or restrict data transfer peripherals
  - To avoid that extra software that could compromise the security or functionality of a computer can be installed via CDs, DVDs, USB or similar devices, it must be possible to restrict or disable these devices.
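
An added example (not from the presentation and not CERN's tooling) of the check that R1, R2, R5 and R6 describe: compare a node's installed packages against its defined configuration, produce the steps that converge it, and try them on a copy of the state first. The package names, versions, role names and function names are assumptions made for illustration.

```python
import re

# Constructed sample data: package names and versions are illustrative only.
DESIRED = {"kernel": "2.6.9", "openssh-server": "3.9.1", "ctrl-gateway-client": "1.2.0"}
INSTALLED = {"kernel": "2.6.11", "openssh-server": "3.9.1", "gcc": "3.4.4"}

def version_key(version):
    """Order dotted numeric versions; a simplification, not RPM's comparison."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def plan(desired, installed, role="operational"):
    """R6: list the (kind, package, have, want) steps from real to desired state.

    R1: on "operational" nodes anything outside the defined set is removed;
    nodes with role "test" or "development" may keep additional packages.
    R2: a desired version older than the installed one is a rollback.
    """
    steps = []
    for pkg in sorted(desired):
        want, have = desired[pkg], installed.get(pkg)
        if have is None:
            steps.append(("install", pkg, None, want))
        elif have != want:
            older = version_key(want) < version_key(have)
            steps.append(("rollback" if older else "upgrade", pkg, have, want))
    if role == "operational":
        for pkg in sorted(set(installed) - set(desired)):
            steps.append(("remove", pkg, installed[pkg], None))
    return steps

def apply_plan(steps, installed):
    """R5: apply a plan to a copy of the state so it can be checked first."""
    state = dict(installed)
    for kind, pkg, _have, want in steps:
        if kind == "remove":
            del state[pkg]
        else:
            state[pkg] = want
    return state

def is_compliant(desired, installed, role="operational"):
    """R6: True when the real configuration already matches the desired one."""
    return not plan(desired, installed, role)

if __name__ == "__main__":
    for step in plan(DESIRED, INSTALLED):
        print(step)
```
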

24 AOB
- Skype
  - problem with "supernodes" which kicks in at CERN (high bandwidth) causing high network traffic and legal issues (as we then become a telecom operator)
- There are requests for having a VoIP service
  - is on working list (not with high priority)
  - needs to be moved to high priority in a common effort between IT and PH
- Windows 2000
  - is supported if it is patched (at least SP4)... from MicroSoft until 2009
  - IT would like to reduce support earlier (beginning from next year)
- VPN requirements (feedback)
  - most people were misunderstanding on other ways to work
  - few cases where VPN is needed (see document on agenda page)
  - users have to use the less convenient ways of viewing web pages which are only visible from within cern (e.g. through terminalservices)
  - no performance issue even over low (non-ADSL/modem) connections.
- CRA: accounts will keep alive for one year
- controls group: unix uid should never be reused (present policy is reusing)
- another discussion in DTF is needed to iterate on the requirements/needs

