Privacy and Security Notice

CC Home | JLAB Home | JLAB Internal

Helpdesk | Services | Scientific Computing | Networks | Telecommunications | CAD/CAE | Policies

Newsletter

    JLab Computer Center News

Issue 15

December 2003

Central Computing

Major Network Outage over Christmas Shutdown

Andy Kowalski (kowalski@jlab.org, x6240)

The core network for the site is being upgraded during the December shutdown.  This upgrade requires network outages on December 27, 28, 29, and 30.  The upgrade is being done during the shutdown to limit its impact on the daily operation of the lab.  Services such as email, internet access, web server access, Domain Name Service (DNS), Network Information Service (NIS), calendar, and other Computer Center supported services will be unavailable during the outages.

 

The working plan is to completely shut down the network on the 27th to perform hardware upgrades, replacements, and installations.  The outages on the 28th, 29th, and 30th will be intermittent as configurations are changed to make use of the new features and capabilities the hardware provides.  These intermittent outages will be random and could last for hours at a time.  Although the outages on the 28th, 29th, and 30th will be intermittent, there should be no expectation of service or network availability.

 

Accelerator networks located within the fence will remain operational during this upgrade but will not be externally accessible; either from the internet or RAS (dial-in) connections.

 

The new features and capabilities provided by the network upgrade will enable us to keep up with the increasing demands being placed on the network.  These demands are in the areas of security, functionality, flexibility, and manageability.  One new feature that will be of importance to many groups at JLab is the deployment of VLAN (Virtual Local Area Network) support.  A VLAN is a logical grouping of systems that appear to be on the same physical LAN segment.  In reality, the systems are located on different physical segments.  This will allow, for example, one of our current subnets (Business Services) to be deployed as a VLAN such that select systems across the site (Cebaf Center) can be added to it as if they were local to its origin (VARC). 

 

 One area of new growth requiring the use of VLANs has been in the monitoring of heating and air conditioning units by facilities management.  This upgrade will allow us to build a private network across the site where only the facilities management systems are included.  In the past, dedicated fiber and cables were used to build a private physical network.  With VLANs, this can be done logically using existing fiber, cables, and in some cases, network equipment.  The sharing of physical components to build VLANs will provide us greater flexibility while saving us time and money.

 

 

Upgrade Your Windows NT 4.0 System Before it’s Too Late!

Marty Wise (wise@jlab.org, x7214)

A few months ago, the Computer Center announced that we would stop supporting Windows NT4.0 after February 1, 2004. This decision was based on Microsoft’s own announcement that they would discontinue making security hotfixes available for this 7 year old product around that time. Recently, Microsoft has announced that they would extend this support until June 30th, 2004. At that point, it will no longer be possible to obtain patches to any security vulnerabilities for the system. The Computer Center has similarly extended our support for Windows NT 4.0 until April 30th, 2004. For this reason, it is essential that all lab systems be migrated to a more current version of Windows before that time. The current recommendation is that users migrate their systems to Windows XP Pro. Once Microsoft fully discontinues support for NT4.0 (at the end of June) any security vulnerabilities in the system that are discovered will necessitate physically disconnecting NT4.0 systems from the site network.

 

For most users, their systems will support installation of Windows XP without any problem. Most systems, hardware components, etc. that are in common use at the lab are supported by Windows XP. A few exceptions exist for hardware whose manufacturer has gone out of business. In some of these cases, drivers for XP (or anything else) are not available. In a few cases select hardware may need to be replaced to maintain compatibility. Fortunately, Microsoft provides information on its web site about this issue, and even a tool that you can download and run to determine if your system is supported. More information is available on the Computer Center’s web pages related to the new build system. Click on over to https://cc.jlab.org/services/windows/BuildSystem/ and have a look.

 

The Computer Center now provides tools to help you install windows and a number of common applications over the network. This makes the installation part of the process much simpler, but with a complete rebuild, you will still need to install all of your application software again. Before starting the process, be sure that you have all of the CDs, codewords, licensing information, etc. that may be necessary to install all of your software. Clearly, this is a good time to consider what software you really use, and what might be omitted. Inevitably, there are old versions, and obsolete or otherwise unneeded software that you might be able to eliminate.

 

Many users continue to store documents, data, etc. on their local system disks. Since your local disk will be completely overwritten by the rebuild process, before you rebuild, you’ll need to insure that you have all of your data stored in a safe location. Rebuilding your system provides a great opportunity to reorganize where you store your working data to take advantage of our central file servers. See the “Building or Rebuilding Windows Systems at JLab” article in this newsletter about this topic for more information on how to prepare your system for a rebuild.

 

While upgrading from NT4.0 to a newer version of Windows will certainly take planning and a bit of care, the many benefits of these newer systems is well worth the trouble. And, if that’s not a good enough reason, the fact that NT will effectively be unsuitable for use on the network within a few months should provide ample reason to pursue the upgrade.

 

RedHat Linux Update

David Bianco (bianco@jlab.org, x5268)

As you may have heard, RedHat has announced that they are dropping support for their free Linux product, RedHat Linux, preferring, instead, to concentrate on corporate customers (with a targeted RedHat Enterprise Linux product).  RedHat has announced the end-of-life of all RedHat distributions up to and including version 9. RedHat will cease support for version 9 on April 30, 2004. All other versions will be dropped as of December 31, 2003. Because our entire Linux infrastructure is based on RedHat Linux, the Computer Center began taking a good hard look at all of our options earlier this fall.  We thought this would be a good time to let you know what options we considered and our current solution.

 

One option would be to change to an entirely new Linux distribution.  This would mean, however, tearing down and rebuilding our entire Linux infrastructure from scratch. As we gave a strong preference to solutions based on current RedHat technology, the two leading contenders were RedHat Enterprise Linux and the community-supported Fedora project.

 

We first considered the community supported Fedora Linux project. Sponsored (but not supported) by RedHat, this project can most simply be described as a continuation of the RedHat Linux 7/8/9 distributions, but with more of an emphasis on incorporating leading edge technology. The big advantages here are that Fedora is free, just like the versions we already use, and it is essentially just the next release in the same series we already use. That means we can keep our existing installation procedures, /apps software areas and patch management schemes. It also allows us to give our users access to the absolute newest software versions, which we know would be widely popular.  Unfortunately, since the emphasis is on quick integration of new features, each release will only be supported for about 9 months. This is just too short a time to provide a stable computing environment for the Lab. Also, parts of the OS will be based on immature features which have not undergone the same high level of compatibility and performance testing as the current RedHat Linux releases do now. This means we're more likely to have both functional errors and security bugs in the Fedora system. 

 

Since Fedora Linux was not deemed a viable solution, we evaluated RedHat Enterprise Linux next.  Based on RedHat 8.0 (with improvements from version 9), this is a stable platform upon which to build a computing infrastructure that would enjoy vendor support for a minimum of 5 years.  It supports most of the newer hardware and software available, and can be integrated with RedHat's system management solution, similar to SUS and SMS which we already use for the Windows side of the house.  Technically speaking, this is a very attractive option, but it is also the most expensive.  However, since most of the other High Energy Physics Labs are facing the same issue, the Department of Energy has been in negotiations with RedHat for more favorable licensing costs.  This cost would need to be spread among the various divisions at the lab each year. 

 

Ultimately, the DOE negotiations with RedHat resulted in a price for RedHat Enterprise Linux Workstation at an attractive, and workable, cost.  We have recently purchased enough desktop licenses to support our current number of Linux desktops (about 500), and will be developing a level 1/2 desktop build based on it.  This build will be available by mid-December and we encourage anyone running a version of RedHat less than 9 to upgrade to RHEL 3 as soon as possible.  People running RedHat 9 should also upgrade to the Enterprise version as soon as practical, but no later than April 30th, 2004.

 

The Computer Center is quickly upgrading our current Linux infrastructure, based on RedHat 7.2, to RHEL 3.  This upgrade will take place in three stages, the first of which will be completed by mid-December and includes all Computer Center desktop systems and some general-purpose service machines.  Once these are done, we will begin a migration of our web servers and other externally accessible machines to RHEL 3.  Finally, if everything is upgraded as currently planned, we will upgrade the interactive farm and batch farm machines to RHEL 3 early next year.

 

 

Central Unix Login Server Upgrades

Paul Letta (letta@jlab.org, x5106)

On the October maintenance day, several of the general purpose Unix login systems were upgraded to new hardware. Both jlabs1 and jlabs2 were Sun E450 servers with four 250MHz cpus and 2GB of RAM. They are now Sun E280R servers with dual Ultra III Sparc CPUs that run at 1.2GHz and have 4GB of RAM.

 

Scientific Computing

Andy Kowalski (Kowalski@jlab.org, x6224)

 

SILO

Upgrades

A total of fifteen 9940B tape drives are now installed in the SILO. The last five 9940B tape drives went into production during October. All writes to the tape SILO are being made to 9940B tape drives. The six 9840 and fifteen 9940A tape drives are being used as read only devices.  The 9940B tape drives have a capacity of 200GB per tape and a transfer rate of 30MB/sec. This represents a 233% gain in capacity and a 200% gain in transfer rate when compared to the 9940A tape drives. The table below lists the type and quantity of drives we currently have in production and how they are being used.

 

Type

Quantity

Capacity

I/O Rate

Use

9840

6

20 GBytes

10 Mbytes/sec

Read Only

9940A

15

60 GBytes

10 Mbytes/sec

Read Only

9940B

15

200 GBytes

30 Mbytes/sec

Read and Write

Migration

With fifteen 9940B tape drives in production, data migration has begun for the older 9840 tapes. As of November 1st, 25% of the data stored on 9840 tapes has been migrated to 9940B tapes. The 9940A tapes will be migrated to 9940B tapes after the 9840 tape migration has been completed. Once migrated, the older tape drives will be removed from production use. By migrating the data from older tape formats to the new 9940B format we will increase the storage capacity of the existing tape SILO. It is projected that this migration will postpone the requirement for a third SILO through the summer of 2005.

Usage

The following table shows the usage of the tape SILO over the past 8 months minus any data migration activity. 

 

Month, Year

Terabytes

Files Requested

Failures

Percent Success

March, 2003

91.40

161,374

8,653

94.64

April, 2003

93.02

185,071

21,261

88.51

May, 2003

59.01

104,915

7,390

92.95

June, 2003

98.38

334,312

24,352

92.72

July, 2003

131.79

199,705

21,551

89.21

August, 2003

73.91

161,881

13,246

91.82

September, 2003

59.40

97,689

9,485

90.29

October, 2003

65.549

102,471

3,475

96.61

 

The majority of failures result from either the clients (jput and jget) not being active to receive the data files and cache servers failing during data file transfer.  In the case of clients not being active, they usually have been killed by the user (Ctrl-c).  In the case of failed cache servers, these are failures for files being transferred from the data mover to the cache server at the time of the cache server failure.

Farm

The last of the tower-cased systems have been decommissioned from the farm.  They were dual Intel Pentium III 500MHz systems.  They have been replaced by 24 dual Intel P4 Xeon 2.6GHz systems.  These new systems have 1GB of RAM and 120GB of disk space for user jobs.  The Hyper-Threading feature of the P4 Xeon processor make the systems appear as quad processor systems.  These systems run 6 simulations jobs instead of the traditional 3. As currently configured, this increase results in the farm now having up to 738 running job slots.  Limits and restrictions do, however, prevent a single user from using all the available job slots.

 

Ifarml1 was replaced with a quad Intel P4 Xeon 1.4GHz system similar to ifarml3.  The ifarm now consists of 3 quad processor Linux systems and 2 dual processor Sun 280Rs.  With Hyper-Threading, the Linux systems appear to be 8 processor systems to the operating system.

 

Grid Computing

Michael Haddox-Schatz (mschatz@jlab.org, x5803)

The Computer Center’s scientific computing group is working to extend our current job submission system (the farm and Auger) into a Grid application. This "Grid-Auger" application will connect batch farms from other labs and universities that are collaborating with JLab on experiments. Researchers from any of the member sites will be able to submit work jobs from anywhere and Grid-Auger will determine where the best place to run the job is, and ensure that input files and output files are moved to the appropriate place. More information about our efforts on this project, including a tentative schedule can be found at http://auger.jlab.org/grid/ .

 

Desktop Support

CUE Mozilla Web Browser/Email Client Support

David Bianco (Bianco@jlab.org, x5268)

As you may have noticed, the Lab's default web browser and email client are getting a bit long in the tooth. In the past, we've settled on using Netscape as our standard for both browsing and email, but we are now revisiting this choice. While Windows and Linux users are able to take advantage of the newer versions of Netscape Communicator, our Solaris and HP-UX users are left out in the cold. In the interests of making the same features available to all our users and reducing support costs, the Computer Center is changing the standard supported browser/email client recommendations from Netscape to Mozilla 1.5.

 

“What the heck is 'Mozilla'?” you may be asking yourself. You might not think you're familiar with it, but you probably know more about it than you think. Mozilla is an Open Source project that provides a full suite of Internet utilities, including a web browser, email client, HTML editor and IRC chat client. If this sounds familiar, it should: Netscape has been based on Mozilla technology since version 6! Netscape Communicator and Mozilla offer many of the same features in an interface that is very similar to what you probably already use. 

 

That's not to say that there are no differences. First, unlike Netscape, the latest versions of Mozilla are available on all our computing platforms, including HP-UX and Solaris. Mozilla also offers many new features that Netscape does not. For example, the browser features integrated blocking that can end those annoying pop-up window ads forever. On the email side, Mozilla has a built-in spam filter that learns the difference between legitimate messages and junk mail. After a short initial training period, you can configure it to automatically route junk email to a special folder where it can be held for manual review or automatically deleted after a few days. For those of us who get a lot of spam, this feature alone could make it worth checking out Mozilla.

 

Mozilla is now available for all JLab CUE machines. Under Unix, simply type “mozilla” launch and use to the software to launch it. Under Windows, you can install Mozilla by pointing at “Start->Programs->JLab CUE->User Installable Programs->Mozilla 1.5”. On either platform, it will detect the presence of your Netscape configuration profile (only if you have used Netscape 6.0 or higher) and offer to import your web and email settings automatically. Configuration details and information for the Mozilla email client can be found in the Computer Center web pages at http://cc.jlab.org/docs/services/email/mozilla15/, and further Mozilla documentation and help for its applications can be found at http://mozilla.org. You may also contact the helpdesk with any questions, comments or concerns you might have.

 

Building or Rebuilding Windows Systems at JLab

Marty Wise (wise@jlab.org, x7214)

Everyone who is currently running Windows NT 4.0 will soon need to upgrade their systems to a newer version of Windows. In general, there is very little reason to choose Windows 2000 over Windows XP, so most people will be upgrading to Windows XP.

 

By now, I’m sure all of us have a collection of horror stories of the problems we have encountered in the past while tackling this process. I can’t even count how many times I have forgotten to back up my address book prior to rebuilding, only to discover after the fact that my system no longer knows who “sweetie” is. And if remembering to take care of all of my data wasn’t enough to worry about, I also had to make sure that the system itself was installed, configured, patched, etc. correctly. The Computer Center now provides detailed instructions on transferring critical information from one Windows PC to another at https://cc.jlab.org/services/windows/transferpcs.html.

 

Additionally the Computer Center has been working on several initiatives designed to help ease the transition and help users “make the jump” with as little disruption and inconvenience as possible. One such initiative is the introduction of a network-based build system for Windows.

 

In the past, the process of installing Windows, getting it patched, installing MS Office, common applications, etc. has been very time consuming. It has also provided numerous opportunities to introduce configuration errors either through misunderstanding or simple mistakes. Speaking from experience – a simple typo in the wrong form field during setup can turn an otherwise perfectly good system into an incoherent mass of electronic parts. The new system is designed to allow users to rebuild an existing system with a minimum of trouble.  Once rebuilt, the system will conform to the Windows Workstation Configuration defined by the Computer Center.

 

For the most part, systems built at the lab conform to a fairly simple basic configuration. Most users need Windows to be correctly configured and they need access to a fairly small set of common tools. A standard basic configuration for desktop systems has been developed. A description of this configuration is available online at http://cc.jlab.org/docs/services/windows/WorkstationConfig.pdf.

 

The Computer Center is excited to offer a new tool to simplify this process. Just navigate to https://cc.jlab.org/services/windows/BuildSystem/ to review the details and submit a request for construction. Once the request is submitted, it will be reviewed by CC staff and approved for construction. Once that is done, simply rebooting your system from the network is all that it will take to completely rebuild your existing system with Windows.  The steps performed include:

 

  1. Registers your system, its IP address, owner, and license with the Computer Center.
  2. Wipe out everything on your hard disk and partition it into a single, large partition.
  3. Installs the Windows Operating System, with current service packs and most hotfixes pre-installed.
  4. Installation of several common applications in use at the lab.
  5. Proper configuration of your network and other system parameters.
  6. Join your system to the JLAB domain.
  7. Automatically test the configuration of the system to insure that it is properly secured.
  8. Install the Microsoft Systems Management client that allows the computer center to more easily manage your system.
  9. Automatically install our Corporate Norton Antivirus product and configures it for use.

 

Overall, the new build process is intended to provide a stable, reliable windows desktop platform that is well integrated into our environment. For users, this means a system that does what you want, when you want, without a lot of hassles.

 

Important Changes to Support for Windows NT, 95 and 98!

Microsoft has announced that security patches for Windows NT4.0 will no longer be available after June 30th, 2004. Security patches for Windows 95 and 98 will become unavailable after January 30th. After these dates, if critical security vulnerabilities are discovered, corresponding systems on site that are still running these versions of Windows will have to be physically disconnected from the site network.

 

Current Table of OS’s in Use, Supported in CUE:

Platform

OS Revision

Notes

Sun

Solaris 2.6

Support Ended

 

Solaris 7

Not supported

 

Solaris 8

Supported, default for new systems

 

Solaris 9

Not supported

HP

HP-UX 10.20

Support Ended (except special cases)

 

HP-UX 11.11

Supported, default for new systems

Linux

RedHat 6.2

Support Ended

 

RedHat 7.2

Currently Supported, Default for new systems

 

RedHat 7.3

Not Supported

 

RHEL 3

Support Beginning Mid-December 2003

Windows

3.x, 95, 98

Not supported. Microsoft Security Fixes ending 1/31/2004. Required to disconnect from site network if unfixable vulnerabilities discovered after that date.

 

ME

Not supported. Microsoft Security Fixes ending 12/31/2004. Required to disconnect from site network if unfixable vulnerabilities discovered after that date.

 

NT 4.0

Currently Supported, support ending 4/30/2004. Microsoft Security Fixes ending 6/30/2004. Required to disconnect from site network if unfixable vulnerabilities discovered after that date.

 

2000 Pro

Currently Supported

 

XP Home

Not Supported on site

 

XP Pro

Currently Supported, recommended for new purchases

 

CSI Added to Available PC Vendors

The Computer Center has been working with CSI (Concentric Systems, Inc.) to supply JLab with PC’s running Linux. CSI is now available via the web for JLab employees to build and receive quotes for PC’s. The quote is electronically generated with the most up to date pricing and configurations. The quote is then stored for approvals and for the Procurement Department to include as an attachment to the Purchase Requisition. CSI supplied PC’s can also be configured and built to run the Windows XP operating system. The instructions and details on how to use the CSI Web pages can be found in the Computer Center web pages at http://cc.jlab.org/services/pc_purchasing/.

 

Networks

Hall C Network Upgrades Underway

Michael Memory (memory@jlab.org, x6240)

As the Computer