1 / 6

HEPIX

HEPIX. May 2004 Edinburgh http://hepwww.rl.ac.uk/hepix/nesc/agenda.htm Linux/Unix highlights. SLAC OS Status. Linux RedHat Enterprise 3 (RHEL3) rolling out to most servers and desktops Begun weekly RedHat service meetings (by phone)

iona
Download Presentation

HEPIX

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HEPIX • May 2004 Edinburgh • http://hepwww.rl.ac.uk/hepix/nesc/agenda.htm • Linux/Unix highlights

  2. SLAC OS Status • Linux • RedHat Enterprise 3 (RHEL3) rolling out to most servers and desktops • Begun weekly RedHat service meetings (by phone) • About 20 issues opened so far with them (missing function, driver issues) • Have yum-based service to pull updates to systems. • Working out how to update mobile/offsite systems (up2date?) • ALDI project to automate desktop upgrades

  3. DESY- Linux • DL5 (SuSE 8.2) rollout in progress (25% done) • support for base distribution ends April 2004 • 9.0 patches will help for another 6 months • successor - better: continuation - needed early next year • DL5 is most likely the last DESY Linux based on SuSE • if a common HEP distribution with long lifetime is available and affordable, that's what we'll use • started looking at Scientific Linux • thanks to Fermilab for providing this! • current version seems very compatible with DL5 (for users) • purchase of licenses is an option - if price/value ratio ok

  4. DESY- Linux/amd64 • aka ia32e aka x86_x64 • first test system is a success • IBM eServer 325, 2 x Opteron 246 (2.0 GHz), 4 GB RAM • SuSE 9.0 Professional/amd64 • performs superior to fastest Xeon Systems (3.2 GHz) • except FP • ROOT applications especially fast, benefit from 64bit mode • deployment of a small number of production systems soon • seamless integration is relatively easy • concern: cernlib dependency locks users into 32bit past

  5. DESY-Security • rules for individually maintained systems are in effect now • regular scans from outside our firewall • of all hosts with any port open through firewall • for open ports and known vulnerabilities • by commercial service provider • access to mail servers now by imaps only • got rid of clear text protocols pop and imap • automated deployment of patches • linux, old NT domain (netinstall), new XP domain (SUS) • policies still evolving

  6. DESY - Security continued • due to recent sasser threat, manually checked ALL notebooks brought on site for two days • only a few systems got infected • increased update frequency for virus signatures • update server: hourly, client: every three hours • a few users were tricked into installing Bagle.J • lesson: treat encrypted attachments like executables, and quarantine them • firewall now inhibits outgoing SMTP, except for approved mail servers • imagine all sites and providers did that

More Related