|
|
Issue 11 |
July 2002 |
The
previously scheduled SSH upgrade was postponed. As the maintenance day
approached it became evident that our plans had not taken into consideration some
of the issues that would hinder a seamless transition to SSH Protocol 2. We apologize for the delay and any confusion
that this may have caused. This change
does not affect any of our on-site Windows or Macintosh users who should
continue to use the newly advertised SSH applications (PuTTY,
MacSSH).
The
upgrade to SSH Protocol 2 will be performed gradually until it is the only
supported version of SSH for JLab systems. The amended SSH upgrade schedule is
as follows:
Users
who wish to upgrade to protocol 2 have two options:
1. Specify protocol 2 on
each command line instance of ssh:
jlabs1> ssh -2 ifarms2
2. Create a file called
"~/.ssh/config" containing the following
line:
Protocol 2
We
do recommend that users upgrade and use SSH protocol 2 as soon as possible.
For
more information, please see the phased implementation plans at:
http://cc/docs/services/unix/SSH2/upgrade-faq.html
and the updated SSH documentation found at:
http://cc.jlab.org/docs/services/unix/SSH2/ssh-intro.html
The
JLab/CUE Windows 2000 Terminal ServerThere’s
a fairly new feature of JLab’s CUE computing environment that will be of
interest to many users – the CUE Windows 2000 Terminal Server. The technology
itself isn’t new at all; it’s been around for several years. A Windows Terminal
Server at the lab isn’t really new either – it’s been deployed as a pilot
program for some time. Recently, our Windows Systems Manager (Myung Bang) has
done extensive work on the system which has now been expanded and improved and
is now in full production. There are many situations for which the Windows
Terminal Server provides a good solution:
|
Problem |
Solution |
|
I
have a CUE/Unix (Linux, Solaris or HP-UX) workstation, how do I read or
create a document in Microsoft Word, Excel, Access or Powerpoint? |
Use
the “metaframe” application (available from
/apps/bin) to connect to the Windows Terminal Server and run any Microsoft
Office Application there. |
|
I
have a Windows system, but I received a word document that is from a newer
version of Word, how can I read it? |
Use
the Windows Terminal Server client software (available from the JLab-CUE
section on your Start menu) to connect to the CUE Windows Terminal Server and
read the document there. |
|
My
computing needs are pretty basic – I read mail, use MS Office applications, do
my timesheet, use the stockroom, and browse the web; do I really need a full
PC, with all the cost and responsibility that brings? |
No,
the |
|
I
have an older, slow PC, but it’s hard to justify the cost of an upgrade, is
there a way I can use the Terminal Server? |
It’s
possible that a Windows Thin Client might be able to provide all the
functionality you need, but for less than $400, quite a bit less than a new
PC. |
The
terminal server system uses Microsoft Windows 2000 Server coupled with Citrix’s
MetaFrame product (which include many advanced management and load balancing
features) to provide connectivity from Unix systems and Windows thin clients. This
suite of software, along with various installed applications, makes up the
terminal server system. To users, the terminal server appears as a single
system, “JLABTS.” This is an illusion;
in fact there are currently two servers that provide this service. User-specific
configuration files and user data are stored on the central CUE file systems in
the user’s own directory. This is a roaming profile; a user can configure his
'desktop' and then use it from any thin client or metaframe
login on site. All data, configuration settings, etc. stored in this profile
are available for that user as if they were logging on to a
local Windows PC.
The
load balancing features of Citrix MetaFrame provide redundancy so that if one
of the servers is down or excessively busy, the other(s) in the cluster will
transparently service other logon requests. The load on the systems is
monitored by the
The
terminal server system takes advantage of the many features of the CUE
environment including the centrally provided filesystems (the J, K, L, and M
network drives) found on standalone CUE configured Windows PCs. The thin client
has no local hard drive, (as a standalone PC does) so users of the terminal
server will store all of their work and other data files on either their home
or group directories on the central filesystems. This is a benefit of using the
terminal server since our central fileservers are backed up automatically,
unlike a local PC where it is the user’s responsibility to perform backups of
that system.
Most
common CUE applications are installed and available on the Windows terminal
server system including:
Corporate Time Calendar Server Client
SSH Client
GhostScript
Adobe Acrobat Reader
Netscape 6.2
WinZip
MS Access XP
MS Word XP
MS Excel XP
MS Powerpoint
XP
JLABTS
also provides access to Hummingbird’s eXCeed product to
provide X-terminal emulation. There are complications with deploying this
product in the terminal server that are still being resolved, so for the
moment, users are asked to contact the helpdesk if they need access to this
product.
Additional
software can be installed and made available as needs indicate. In each case,
consideration must be given to a particular application’s operation on the
terminal server, as well as any special licensing requirements that may exist
for this configuration. If you have other software that you think would be a
good candidate for terminal server installation, please let the Computer Center
know, and we can investigate as time permits.
For
more information on the details of connecting to and using the Windows Terminal
Server system at Jefferson Lab, please have a look at the Computer Center’s
documentation pages at: http://cc.jlab.org/docs/services/windows/jlabts.html.
MaplePrimes
is now available to JLab Maple users as part of our purchase of Waterloo
Maple’s Extended Maintenance Plan (EMP). MaplePrimes is designed to provide a
unique set of resources and add-ons to enhance and make easier your use of
Maple software. MaplePrimes provides new add-on packages for Maple, electronic
documentation, and many other Maple resources. For a complete listing of all
resources available, please visit http://www.mapleprimes.com.
Access
to MaplePrimes is provided via a JLab specific authorization code which can be
obtained on-site only from http://cc.jlab.org/docs/services/unix/maple/.
The
Scientific Computing environment will be down for upgrades during the first
week of July (July 1-5). This includes the batch farm, interactive farm (ifarm), mass storage system (JASMine,
SILO), cache file servers, and the work file servers. In order to prepare the
batch farm for the shutdown, jobs will stop being dispatched on Saturday (June
29). This will allow any jobs running on the batch farm time to complete and
exit normally before the shutdown on Monday (July 1). Please plan your work accordingly.
All
the Linux systems will be upgraded to Red Hat 7.2 with kernel 2.4.18-4. This
includes the batch farm, interactive farm (ifarml), data movers (MSS), cache
file servers, and the work file servers. Users are encouraged to upgrade their
desktop Linux systems to Red Hat 7.2 and kernel version 2.4.9-34 or later.
The
interactive farm (ifarms) systems will be upgraded to Solaris 8. The
Sun/Solaris systems in the batch farm will be shutdown and removed.
Load
Sharing Facility (LSF) will be upgraded to version 4.2. This is the software
that manages the batch farm.
Cernlib 2001 will become the default and only available
version on the Solaris 8 and RedHat 7.2 systems.
The
oldest twenty farm nodes will be shutdown and removed from the batch farm.
These nodes are Dual PIII 400MHz systems with 128 Mbytes of RAM. They will be replaced by twenty Dual P4 Xeon
1.8Ghz systems with 1 Gbyte of RAM. The new farm
nodes will have two 160 Gbyte disk drives. Only one
of these disks will be available for use by batch jobs.
The
second disk drive will be used as a cache disk for the farm. This will allow
the farm nodes to act as cache servers for farm jobs only. Files required by
farm jobs will first be pre-staged to these cache areas. This will reduce the
amount of floor space and servers required to install additional cache servers
for use by the farm. If the load created on the farm nodes by the cache server
software is determined to be excessive, then the cache server software will be
turned off.
The
Sun/Solaris systems in the batch farm will be shutdown and removed. Users that
have programs that run solely on Sun/Solaris systems will have to use the
ifarms systems.
Jun 29
(Saturday)
·
Stop
dispatching jobs to the batch farm.
July 1
(Monday)
·
Shutdown
the batch farm. (The SUN/Solaris nodes will be retired)
·
Shutdown
part of the interactive farm (ifarml1 and ifarms1 systems).
·
Shutdown
the mass storage system (JASMine, SILO, cache servers,
data movers).
·
Shutdown the work file servers.
·
Reconfigure
the scientific computing network.
July 2
(Tuesday)
·
Upgrade
the ifaml1 system to Red Hat 7.2.
·
Upgrade
the ifarms1 system to Solaris 8.
·
Upgrade
the cache servers to Red Hat 7.2.
·
Upgrade
the work files servers to Red Hat 7.2.
July 3
(Wednesday)
·
Upgrade
the data movers (JASMine, SILO) to Red Hat 7.2.
·
Upgrade
LSF master servers to Red Hat 7.2.
·
Upgrade
LSF to version 4.2.
July 4
(Thursday)
·
Holiday
July 5
(Friday)
·
Make
the ifarm, work file servers, cache file servers, and
the mass storage system (JASMine, SILO) available to
the users.
·
Install
the 20 new batch farm nodes at Red Hat 7.2.
·
Make
the batch farm available to the users.
·
Begin
upgrading the remaining batch farm nodes to Red Hat 7.2.
July 8
(Monday)
·
Finish
upgrading the remaining batch farm nodes to Red Hat 7.2.
·
Shutdown
and upgrade the remaining interactive farm systems (ifarml2 and ifarms2)
Review
of the changes to Microsoft Licensing has led the Computer Center to make the
following recommendation: If you are currently using Office 97 or Office 2000
and were already planning to upgrade to Office XP, you should purchase the
Upgrade Advantage service before July 31, 2002. Other than in this case, we do
not believe that Software Assurance or Upgrade Advantage is an effective
expenditure for the 
majority of users.
Microsoft
has announced changes to their licensing agreements which will be effective August
1, 2002. If you wish to upgrade your current Microsoft software you must
purchase a maintenance agreement before July 31, 2002. After this date the cost
of upgrades will be equivalent to purchasing a new full copy of the software.
If you are considering upgrading your Microsoft operating system or application
software, please read the following detailed explanation.
Before
July 31, 2002, you will be able to purchase an upgrade to, for example,
Microsoft Windows NT, Windows 2000, Office 97, Office 2000, etc. (This list is
by no means complete; most Microsoft software is affected.) This upgrade will
cost a portion of the cost of a complete license. After August 1, 2002, you
will need to purchase a full copy of Windows or Office in order to accomplish the
same goal. For a fully detailed explanation, see Microsoft's web pages http://www.microsoft.com/licensing/programs/sa/saprepare.asp
Microsoft
offers two plans, which you must purchase before July 31, 2002, if you need an
upgrade path. The first is Upgrade Advantage, the second Software Assurance.
When
you purchase either Upgrade Advantage or Software Assurance, you will receive
either a paper or email confirmation. It
will be the user's responsibility to retain this confirmation for two years as
proof of purchase and proof of legal ownership of the upgrade. The media (cd) will be available for purchase from the vendor, or you
may borrow a copy from the Computer Center.
If
your software (operating system and applications) was shipped with your pc and
you plan to replace your pc soon, don't upgrade as OEM licenses apply only to
the pc to which the manufacturer installed the software. However, you should
plan to purchase the Software Assurance plan for any new software purchases.
For comparison purposes:
Both
Upgrade Advantage and Software Assurance are available through the Webstock
program. Questions can be directed to the JLab Procurement group.
We
strongly recommend that each department determine the number and type of
upgrades they need and submit their purchase requisitions soon. It is the
responsibility of each computer user to assure that locally installed software
is legally licensed. Remember that all upgrades must be purchased by July 31!
The
http://cc.jlab.org/docs/services/windows/WinXPconfig.html
PC’s
running Windows XP Professional had not been permitted to join CUE because of complications
with Norton Anti-Virus software and System Management Software (SMS), both of
which must function correctly for any Windows OS before it will be allowed to
join CUE. We have been able to eliminate
these complications through application upgrades and SMS script modifications.
Microsoft’s web pages indicate that the minimum hardware requirements for
Windows XP Professional are a 300MHz processor, 128 MB RAM, and 1.5 GB of
available hard drive space. Running Windows XP on a PC with this configuration
is a challenge performance wise and is not recommend by the Computer Center. We
recommend that Windows XP be run on a system with at least a 1 GHz processor,
256 MB RAM, and 4 GB of available hard drive space. If a PC does not meet these hardware
requirements it is recommended that it only be upgraded to Windows 2000
Professional instead of Windows XP.
PC Purchasing Update
There
have been recent modifications and upgrades to the PC’s available for purchase
via the Dell Premier website available for JLab, as referenced from our JLab PC
Purchasing web pages (http://cc.jlab.org/docs/services/pc_purchasing/pc_purchase.html). The available Dell desktop systems have been
upgraded to include the Dell Optiplex 260GX. This new Dell model can be
configured with 2.53 GHz processors, 1GB of memory, and all of the latest
hardware configurations. We are currently working with Dell to include Windows XP
Professional as an offered operating system from our Dell Premier website, as
this operating system can now be configured into CUE.
Linux Systems
Additionally
the
The NCD (Xterm)
factory support contract expired over a year ago, and since its expiration 
responsibility has
been ramping down. Although many Xterms are still in use, their lifespan is
limited and they are considered disposable upon failure. The property owner
should be informed if equipment replacement is necessary and also for proper
excess of failed equipment. Ownership can be determined by indexing the green
JLab property tag via CIS from DB1. We still recommend Windows or Linux thin
clients as replacements for Xterminals.
IBM has discontinued
offering its Linux thin client product line; this had been one of the
recommended thin client replacements for JLab’s retiring Xterminals. Currently
we are evaluating other Linux thin client solutions and should have a
recommended configuration available shortly.
It’s
been a year since our last travel update, and a lot of trips have been taken
since then! There have been over 2632 trips processed and another 300 pending
trips.
One of the most useful
and money-saving aspects of the online travel request system is the ability to
search for unused airfare. When a trip is cancelled after a ticket has been
purchased, that airfare can be used for future trips. For example, at the time
of publishing, there was $35,000 in unused tickets. There is a convenient list
of re-useable airfare on the main travel page. Most importantly, though, when a
new trip is created, the system checks old trips for cancellations with the
outstanding airfare. This makes it easier to find and apply that money to new
tickets!
The
system has also become very robust. Modifications to increase speed and to
perform more thorough error checking have made the Travel Requisition more useful
to users, as well as to travel coordinators. The system has also been proven to
handle large numbers of travelers, as shown by a single conference last year
that over 40 people attended.
Additional information is available by contacting Carol Kinsey-O’Neal (kinsey@jlab.org, x7519 or Geoffrey Barth (barth@jlab.org, x7439).
MIS is not exactly a
new group: We’ve been around for years. But with time, the staff has changed,
and so have each team member’s responsibilities. We thought it would be a good
time to re-introduce ourselves! By no means is the following an exhaustive list
of responsibilities, but it should give you an idea of who provides your MIS
support.
Cindy Hall is the MIS Manager and is currently
the main contact for Oracle and Costpoint support.
Geoff Barth is responsible for
writing and maintaining three of the largest and most-frequently-used web
applications: travel, credit card, and CCPR; he additionally maintains and is
the expert on our six web servers
David Buckle is the main contact
for CIS problems; he also serves as the contact for User Liaison applications
and property.
Dana Cochran, our newest team
member, has taken on responsibilities including MIS internal administration
pages and data exchange programs.
Kari Heffner is responsible for
the Web reports, from the PSR summary to the rollup reports, to the drilldowns;
she additionally works on HRIS, internal MIS administration, Ingenium, and
other training applications.
Margaret Ridley is the main contact
for the REQ program on db1. She also works with other procurement applications
such as PRC and finance applications such as ACM.
David Sheppard is our Ingres DBA. He
keeps the database running smoothly, and works with the programmers to improve
table layout.
Mike Staron serves as the primary
ETR contact. Most recently he has also been tasked with Oracle support as well
as upgrades for our third party Oracle-based applications.
Here
you can find a summary of your JLab-related information. It is available by
clicking on the “MY PAGE” image at the top of every MIS web page. What can you
find here?
The
MIS group developed the Computer Center Problem Reporting system. It
facilitates communication between computer users and the folks who answer their
questions. You can either visit the main MIS help page and click on “Problem
Reporting” or send email to helpdesk@jlab.org.
On that MIS page, there is also a link for “Report Log” so that you can easily
access the history of your CCPR.
If
you can’t find an MIS application that you haven’t used in a while, it
shouldn’t be too hard to find. At the top left of every MIS web page, there is
a search form. All you need to do is
type in a keyword to find all matching applications and all relevant links
within the MIS website will be displayed.
The
MIS group uses three different databases to store most of our information: Ingres,
Oracle, and MySQL. For the most part, Ingres is our standard. The Costpoint
financial software and the Ingenium training application use Oracle. MySQL is
used in CCPR.
If
you shipped a package, you can track it by navigating through the SRL web pages.
To get there, go to the main MIS page, click on “Web Applications” ->
“Procurement” -> “Shipping Receiving Log.” Search for packages with your
name: In the results, a “shipped” package will have an “S” in the second
column. Click on “Edit” and then the Lading Bill number. This will pull up the
shipper’s tracking information.
Email ScamsUsers have reported an increasing number of email messages that
are consistent with so-called "Nigerian 419" scams or "Advance
Fee Fraud" schemes. Scams of this
type have the following characteristics:
a.
Inheritance from a relative who was
royalty/deposed government official or a very successful businessman
a.
Purchases of crude oil at reduced rates
b.
Currency conversion
c.
Budgeting Excess or Accounting errors
If you respond to the message in a positive fashion (usually
they request a bank account number), then the scheme goes into full swing.
Official looking paperwork arrives, requests for company letterhead are made,
contact with a variety of "officials" is facilitated, and possibly
requests for you to travel to the originating country occur. Inevitably, things
go wrong. To get the money you are asked to provide upfront cash for processing
fees, bribes, or other expenses.
People who have fallen for these scams have lost lots of money,
and in some cases their lives. The U.S. Secret Service
provides more information available on the web at http://www.secretservice.gov/alert419.shtml.
There are countless other scams out there circulating on the
internet. It is important for you to know who you are dealing with before you
provide personal, financial, or business information to anyone.
Other References:
The computer security team maintains an "alerts" page
for viruses and hoaxes http://cc.jlab.org/docs/security/alerts
The Federal Trade Commission documents the top 12 scams
delivered by bulk email http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm
Recent developments in computer communication technology have
the potential for considerable enhancement of our mobility while still allowing
us to keep in touch with the networks that link us to our job or to the outside
world.
A specific example of this is the wireless network card and the
associated "access points" that link to a network. These devices
provide short range communication links between computers and a network using
radio signals in the ultra high and super high frequency bands (e.g., 1.2 GHz
and 2.4 GHz). The range is limited by the power of the transmitters, by local
obstructions, and by the antennas in use.
The cost of these devices is becoming low enough that one might
consider the use of wireless networks at home. Being able to move about freely
within the range of coverage is a very nice convenience. However, the same
uninhibited nature of radio waves that allows you and your computer to move
from home office to living room to front porch to backyard gazebo also allows
anyone within range to receive the signal and, possibly, to make use of your
network and whatever connections you may have to the Internet. In such cases, both
your privacy and the integrity of your Internet connection are at risk.
These problems occur because many of the wireless systems are
easy to set up in their default configuration. This configuration is often one
which has all the security mechanisms turned off. Unfortunately, even with the
security mechanisms turned on, a determined hacker, with sufficient time, can
gain access to your network. However, turning on all the available security
will definitely improve the odds against casual use of your wireless net by
others.
Setup procedures vary among the vendors, so we won't try to
cover the details. The following general suggestions come from the National
Infrastructure Protection Center (for details, see http://www.nipc.gov/publications/nipcpub/bestpract.html).
Below, "WEP" is the (hack-able) encryption method used,
"SSID" is Service Set Identifier, and "MAC" refers to the
hardware address of the network card.