Details on recent platform migrations and updates at DESY. Includes information on Windows, Solaris, Linux, and Grid technologies, as well as security measures and future plans for IT infrastructure.
Site Report
Stephan Wiesand
DESY -DV-
May 24, 2004

Platforms
• Windows
• XP replacing NT4 and 2k on desktops & machine controls
• new server installations are Windows 2003 Server
• Solaris/SPARC: 2.6 - 9 (mainstream: 8)
• last Solaris/x86 to go this year
• Linux/x86
• DL5 (SuSE 8.2) replacing DL4 (SuSE 7.2)
• to come: Linux/amd64
• HP-UX, IRIX: gone or scheduled to go; AIX: few servers
• w/o central support: Debian/x86, Red Hat 7, some OS X ...

Windows
• new domain win.desy.de in production since January
• XP, 2003
• migration from old domain in progress
• more than 1000 accounts and 500 PCs exist in new domain
• several smaller groups already migrated completely
• largest group of Windows users (Hasylab) started in April
• Samba Server migrated to 3.02
• other groups begin with smaller work groups or projects
• Samba 3.02 print server is a domain member

Linux
• DL5 (SuSE 8.2) rollout in progress (25% done)
• support for base distribution ends April 2004
• 9.0 patches will help for another 6 months
• successor - better: continuation - needed early next year
• DL5 is most likely the last DESY Linux based on SuSE
• if a common HEP distribution with long lifetime is available and affordable, that's what we'll use
• started looking at Scientific Linux
• thanks to Fermilab for providing this!
• current version seems very compatible with DL5 (for users)
• purchase of licenses is an option - if price/value ratio ok

Linux/amd64
• aka ia32e aka x86_64
• first test system is a success
• IBM eServer 325, 2 x Opteron 246 (2.0 GHz), 4 GB RAM
• SuSE 9.0 Professional/amd64
• performs superior to fastest Xeon systems (3.2 GHz)
• except FP
• ROOT applications especially fast, benefit from 64bit mode
• deployment of a small number of production systems soon
• seamless integration is relatively easy
• concern: cernlib dependency locks users into 32bit past

GRID
• participation in D-GRID and EGEE
• DESY Grid Testbed2 in operation, see http://grid.desy.de
• complete LCG2 site, including RB and BDII

Grid Testbed2
• operated in Hamburg on Red Hat 7.3.3 systems
• includes nodes in Zeuthen, running on DL5
• running: WN, CE, UI; in preparation: SE, RB
• data management service includes SRM and GridFTP
• SE with dCache backend developed & being tested
• resources are included in LCG2 head site at CERN
• D-GRID partners are using DESY's ResourceBroker
• DESY is Tier 0 and Tier 1 center for HERA
• VOs exist for the active HERA experiments, linear collider activities, international lattice data grid

Security
• rules for individually maintained systems are in effect now
• regular scans from outside our firewall
• of all hosts with any port open through firewall
• for open ports and known vulnerabilities
• by commercial service provider
• access to mail servers now by IMAPS only
• got rid of clear text protocols POP and IMAP
• automated deployment of patches
• Linux, old NT domain (netinstall), new XP domain (SUS)
• policies still evolving

Security continued
• due to recent Sasser threat, manually checked ALL notebooks brought on site for two days
• only a few systems got infected
• increased update frequency for virus signatures
• update server: hourly, client: every three hours
• a few users were tricked into installing Bagle.J
• lesson: treat encrypted attachments like executables, and quarantine them
• firewall now inhibits outgoing SMTP, except for approved mail servers
• imagine all sites and providers did that

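The quarantine lesson above, sketched as an added example (not DESY's actual mail filter): a Python check that quarantines a message when an attachment is an executable, a ZIP with any encrypted member, or a ZIP that cannot be inspected. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list for this example; a site would maintain its own.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def zip_reason(data: bytes):
    """Return a quarantine reason for a ZIP payload, or None if it is clean."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # general-purpose bit 0: encrypted
                    return "encrypted archive member"
                if info.filename.lower().endswith(EXECUTABLE_EXT):
                    return "executable inside archive"
    except zipfile.BadZipFile:
        return "unreadable archive"  # cannot inspect, so do not deliver
    return None

def verdict(raw: bytes) -> str:
    """'quarantine: <reason>' or 'deliver' for one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(EXECUTABLE_EXT):
            return "quarantine: executable attachment"
        if data[:2] == b"PK" or name.endswith(".zip"):
            reason = zip_reason(data)
            if reason:
                return "quarantine: " + reason
    return "deliver"

def sample_message(encrypted: bool) -> bytes:
    """Constructed test mail with one ZIP attachment (not real traffic)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "constructed sample")
    blob = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in the local and central headers
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            blob[blob.find(sig) + off] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(bytes(blob), maintype="application",
                       subtype="zip", filename="notes.zip")
    return msg.as_bytes()
```

The encryption test reads only the ZIP central directory, so no password is needed to reach a verdict.
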
Mail & Groupware
• MS Exchange 2003
• only candidate for a DESY-wide central service
• planning integration into new Windows domain
• may also become the solution for Linux/Unix users
• evaluating Exchange Connector for Ximian Evolution
• but has many requirements
• library versions not available from distributions (incl. SL3)
• deployable without Red Carpet?
• no successful test installation yet
• consolidation of mailing list administration
• will move from PMDF to Sympa, for whole lab

Web Office
• support for any DESY group providing web content
• centrally supported servers
• setup with load balancing & failover
• full access to backend services like Oracle
• Zope application server
• ZMS content management system
• instantiation of new virtual sites within minutes
• including structure and design

Disk Storage
• HP MSA 1000
• systems installed in Hamburg & Zeuthen
• used for Windows home directories
• experience is good, system is easy to handle
• performance problems for NT4 clients to W2K3 server
• probably not the device's fault...
• StorageTek D178
• systems installed in Hamburg & Zeuthen
• not without flaws
• several downtimes (planned & unplanned) during past year
• FC, SAN & $$ no guarantee for availability

Disk Storage (medium grade)
• continuous demand for high volume affordable storage
• dCache read cache; MC/data accessible by NFS, AFS, CIFS
• no way to provide this but IDE-RAID
• past: 3ware Escalade (still used in workgroup servers)
• now moving to SCSI/FC attached subsystems
• Infortrend IFT6xxx, more recently: EonStor A16xx (SATA)
• better MTBF of disks (due to lower vibrations?)
• EonStor teething problems (still frequent firmware upgrades necessary, controller chip data corruption issue in 2003)
• dCache still detects data corruption at 1E-12 level
• first Linux AFS fileservers with O(TB) partitions/volumes

Miscellaneous News
• batch: SGE(EE)
• test installation in Hamburg is up (production is LSF)
• has been in production on common farm in Zeuthen for years
• now running with krb5 integration (through arcX)
• acron/arc successors from two student projects available
• k5cron (Hamburg) & arcX (Zeuthen) - see talk by W. Friebel
• draft of common usage regulations well advanced
• planning an InfiniBand evaluation cluster for this year
• new 155Mb/s connection Hamburg-Zeuthen with flat fee
• allows projects impossible before (alas, still no redundancy)