240 likes | 383 Views
Computer Oversight Committee March 24, 2004. Update on major initiatives Directions for next year Decisions/Policies. Update on major initiatives. LDEO Wide Area Network Configuration February 2004. LDEO. Morningside Commodity & I2. Quest Boston Commodity. Cisco 6509. T3. T3. Nevis.
E N D
Computer Oversight CommitteeMarch 24, 2004 Update on major initiatives Directions for next year Decisions/Policies
LDEO Wide Area Network Configuration February 2004 LDEO Morningside Commodity & I2 Quest Boston Commodity Cisco 6509 T3 T3 Nevis 45Mbit/sec LDEO 100Mbit MW AcIS 7400 AcIS 3660 HSRP HSRP AcIS 2691 AcIS 2691 10Mbit 802.11b Nevis Switch Netscreen FW
Core Network Reliability System restarted at 11:23:53 EST Fri Feb 8 2002 geo-cisco uptime is 2 years, 5 weeks, 2 days, 22 hours, 18 minutes
Netscreen Firewall 2004-02-27 10:01:29 alert 00401ICMP flood!, From 217.5.105.161 to 129.236.99.188, occurred 39 times 2004-02-27 01:12:39 crit 00425 FIN but no ACK bit!, From 210.104.250.34/42723 to 129.236.205.244/80 occurred 1 times 2004-02-27 14:13:44 crit 00423 Large ICMP packet!, From 128.59.213.157 to 129.236.60.147, occurred 1 times 2004-02-26 22:08:55 crit 00424 SYN and FIN bits!, From 210.72.1.172/52344 to 129.236.43.74/80, occurred 4 times 2004-02-26 20:35:55 alert 00405 Address sweep!, From 217.227.36.171 to 129.236.41.74, occurred 1 times 2004-02-26 20:35:10 alert 00012 UDP Flood has been detected!, From 202.106.196.149/55562 to 129.236.39.11/53, occurred 84 times
Spam Dear user, the management of COLUMBIA.EDU mailing system wants to let you know that, Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service. Advanced details can be found in attached file. For security purposes the attached file is password protected. Password is "61506". Cheers, The COLUMBIA.EDU team http://www.cOLUMBIA.EDU DEAR, I KNOW YOU WILL BE SURPRISE TO READ FROM ME. BUT PLEASE THIS LETTER IS A REQUEST FROM A FAMILY IN DIRE NEED ASSISTANCE.I AM GEORGE RAPHAEL FROM ANGOLA. THE ONLY CHILD OF LATE BRIGADIA ANTONION RAPHAEL.WE ARE PRESENTLY RESIDING IN COTE D'IVOIRE.
Email processing • Before a message is accepted for delivery • Mimedefang • Rules to convert .exe, .zip etc. to .txt • Spamassassin • RAZOR – users contribute samples of spam • BAYES – baysian filtering with learning • RBL – external check for sites that have been black holed • Heuristics – static rule set • After a message is accepted for delivery • Procmail - system rules • Procmail - user rules • In the Future • commercial Anti-virus check
Mass Storage Improvements Installed 1999 Cisco Gig Ethernet STK 9840 Silo 6000 slots 120TB Sun E4500 A1000 RAID 10 X 9840 Drives All tapes were in one basket Disk & CPU performance Cost of 9840 tapes Lack of cost effective upgrade path
Mass Storage Improvements Geoscience Copy 1 Seismology Copy 2 ADIC 700 slots Cisco 2 LTO2 Drives storage 1 LTO2 drive Backup Gig Ethernet Gig Ethernet STK 9840 Silo 6000 slots 120TB Apple Xserve FC-AL 2GB RAID Sun E4500 10 9840 Drives Sun V440 A1000 RAID
Backup • Current • 40 Suns via Legato on ADIC and Overland LTO2 tape • 50 Macs via Retrospect on Mass Store Currently 3.3TB • Legato license extended to 128 LTO2 tapes = 25TB • Macs running pre OS X via Retrospect on Mass Store • Macs running OS X via Retrospect on Mass Store • No PCs running Linux (except for special cases) • No PCs running Windows (except for special cases)
Other Projects • Bore Hole Group renovation – new Gig uplink & switch • New underground fiber for computing and telephone • (multimode and single mode) to: • Instrument Shop • Geochem • BRG • Seismology • Coordinated software purchases – MS Office, Adobe, Apple • Centralized Norton Anti-virus protection – Admin & research • Microsoft SUS server for security updates & patches – Admin • iCal (.Mac) calendar server – Mac, web & Mozilla calendar access • RealServer – Friday colloquia now recorded • LDEO network multicast enabled
Current LDEO Email Configuration February 2004 Cisco 100Mbit 100Mbit Lamont 2 X CPU 2 X PS 2 X root Miles SMTP & IMAP Ultra160 SCSI LDEO email FTP LDEO Home dirs 350GB SCSI RAID 5 with hot spare
Future LDEO Email - Home Directory Configuration I SMTP Server 1000Mbit/sec 1000Mbit/sec 2 X CPU 2 X PS 2 X root BlueArc NAS 3-7 TB SMTP Server 2 X CPU 2 X PS 2 X root 1000Mbit/sec Cisco IMAP Server 2 X CPU 2 X PS 2 X root IMAP Server Backup NAS SATA 2 X CPU 2 X PS 2 X root
Future LDEO Email - Home Directory Configuration II SMTP Server 1000Mbit/sec 1000Mbit/sec Apple Xserve 2 X CPU 2 X CPU 2 X PS 2 X root SMTP Server 2 X CPU 2 X PS 2 X root IMAP Server Cisco Apple Xserve RAID 3 TB - 7 TB 2 X CPU 2 X PS 2 X root 1000Mbit/sec IMAP Server Backup NAS SATA 2 X CPU 2 X PS 2 X root
Future Admin server Cisco 55 Win2K PCs 1000Mbit 2 X CPU 2 X PS 2 X root 4 X CPU 2 X PS 2 X root 100Mbit switch 1000Mbit Sun V440 PDC & SMB Sun U250 PDC & SMB Sun A1000 RAID 84 GB Sun A1000 RAID 168 GB Tape Robot BU Tape Robot BU
1 – 3 TB NAS SATA Future LDEO Webserver HTTP Server 1000Mbit/sec 1000Mbit/sec 2 X CPU 2 X PS 2 X root HTTP Server 2 X CPU 2 X PS 2 X root Web Mail Cisco 2 X CPU 2 X PS 2 X root Database Server 2 X CPU 2 X PS 2 X root
Backup • Issues • 350 PCs & Macs X ~40GB = 14TB X 2+ cycles = really large bit bucket !! • Moblie machines • Large workgroup filesytems & databases (Arko, Floyd, Stark, etc) • Legato license extended to 128 LTO2 tapes = 25TB • Need to add LTO2 tape drive to ADIC • Goal • Macs running pre OS X via Retrospect on Mass Store • Macs running OS X via Legato on ADIC • PCs running Linux via Legato on ADIC • PCs running Windows via Legato On ADIC
Backup • User policy/education to limit desktop backup volume • Segregate application & data (probably not possible) • Backup folder • Push or Pull • Policy and/or hardware for large workgroup filesystems • Don’t offer backup for RAID systems • Coordinate purchase additional disk at time of purchase • Negotiate backup schedule
BlueArc NAS Filer ‘Best in Breed’ Very fast Very Reliable Snapshot block level backup NFS + CIFS file locking Very expensive $10.71/GB Expensive to upgrade Expensive to maintain $8,000/yr NoName NAS Generic Win/Tel or Linux Fast Reliable File based backup NFS SMB via Samba Cost effective $3.57/GB Less expensive upgrades Maintanence 1- 2K/yr