Email Changes

For email, protocols that send usernames and passwords clear-text will be turned off on the April 25 maintenance day – these are POP (Post Office Protocol) and regular IMAP (Internet Message Access Protocol). Eudora and other mail clients commonly use POP. Regular IMAP is also supported by numerous email packages, but can often be configured to use the encryption with the click of an option. Secure IMAP (SIMAP), achieved using an SSL (Secure Socket Layer) IMAP connection, must be used instead.

The one SIMAP mail reader that is available to users across all CUE platforms is Netscape Messenger. Other platform-dependent mail readers are available as well, including Microsoft’s Outlook Express.

Users running pine, mail/mailx, or dtmail (desktop mail icon provided on UNIX machines) will not be affected, because mail is read locally on the system; no additional username/password network traffic occurs after login to read mail. Users already running Netscape or Outlook Express simply need to make sure that IMAP with the SSL (Secure Socket Layer) option is chosen. Eudora Lite does not support Secure IMAP; these users must choose an alternate mail reader.

To run Netscape from a UNIX system, simply type the “netscape” command. From a PC or Mac, if you need to install Netscape, see the installation page at http://cc.jlab.org/desktop/docs/ns_install.html.

For CUE PC users, Netscape is available for installation from the Start/Jlab-Cue/Client Installed Applications menu.

To configure Netscape for Secure IMAP, see http://cc.jlab.org/services/email/new_nsmail.html.

To configure Outlook Express for Secure IMAP, see http://cc.jlab.org/services/email/ms_outlook.html.

Eudora users converting to Netscape can convert Eudora folders to Netscape’s format using the instructions available at http://cc.jlab.org/services/email/eud2ns.html.

Distributed Web Servers

www.jlab.org upgrade

The central web server system has been replaced with new hardware offering considerably improved performance. The software was also updated to current versions, but the configuration was retained from the old system to minimize transition problems. Now that the new system is in place, the process of migrating web content onto the other servers begins (see below), or into group directory areas to take full advantage of the features of the new configuration.

In addition to the central server, several other webservers are available to host individual group content: Hall A, CLAS, Hall C, the Computer Center, and Admin for MSDS (Material Safety Data Sheets) and TechNotes. The User Liaison Office also has a development web server, and continues to provide assistance on web development.

Most servers are Linux-based (RedHat 6.1), but HP-UX 10.20 is also currently supported, with plans to include Solaris and NT standard configurations soon. Individual groups can manage their own web content areas, and designated administrators can perform essential administrative tasks on web server systems.

Features

The server software is installed and available in CUE, and includes the following features:

· Current apache_1.3.9 server, supporting dynamic shared objects for runtime configuration

· Many benefits of CUE configuration – backups, simple publishing from desktop machines, etc.

· Server systems are built with a standard configuration and can be easily and quickly recovered in the event of system failures

· Full web server support for virtual hosts

· OpenSSL support for encryption

· Authentication of users against a central user database

· mod_perl support

· Database integration to MySQL

· Support for PHP

· Coldfusion Support (HP only, Linux under consideration)

· Central configuration of a rudimentary search engine to support existing use

· “Webalizer” web usage analysis and statistics

· Provisions available for common group repositories for java classes, image files, etc.

Plans

The following additional features and components are still under development, but are expected soon:

· Availability of entire server configuration on Solaris

· Java servlet support

· Centrally configured, distributed search engine system

· Central MySQL installation (per CUE standard)

· Linux support for ColdFusion

Computer Center Web Pages Relocated

As part of the Distributed Web Server project the current Computer Center web pages have been moved to their own web server. The URL address for the main Computer Center web server is now http://cc.jlab.org/.

Additional Information

For additional information, including configuration details and authoring procedures, refer to http://cc.jlab.org/services/webservers.

Scientific Computing

Efficient Mass Storage System Use

The Jefferson Lab mass storage system is accessed using the jget, jput, and jcache commands. These commands communicate with the tapeserver to move files between user machines and the tape silo. Since accessing files on tape includes mechanically loading tapes there are a few steps that make tape access more efficient by limiting tape loads and seeks. Here are a few tips.

Get or Put Multiple Files Per Request

Each request of the silo requires that a tape be eventually loaded in a tape drive, and this load time is significant. Requesting many files from the same directory helps the tapeserver to load the needed tapes only once per job. Additionally, a single jget/jput request is processed more quickly than a series of requests, so grouping your requests will lead to a quicker turnaround time.

Group jget Requests for the Same Tape

The jls command can be used to show which tape a file occupies, and what its position on the tape is. In this example we find that the five CLAS raw data files of interest are all on the same tape (volume 002190) and that they are stored at file positions 118 through 122 inclusive:

ifarms1> jls -f /mss/clas/e1c/data/clas_017554.A\ {20,21,22,23,24}

tape    loc file

002190  118 /mss/clas/e1c/data/clas_017554.A20

002190  119 /mss/clas/e1c/data/clas_017554.A21

002190  120 /mss/clas/e1c/data/clas_017554.A22

002190  121 /mss/clas/e1c/data/clas_017554.A23

002190  122 /mss/clas/e1c/data/clas_017554.A24

Requesting the files in this order in a single jget requests will be faster and more efficient. Here is an example of using jget to get the above files to a local scratch directory for joeuser:

jget /mss/clas/e1c/data/clas_017554.A\ {20,21,22,23,24} /scratch/joeuser

Notice that this is a shell shortcut that does the same thing as typing

jget /mss/clas/e1c/data/clas_017554.A20 /mss/clas/\ e1c/data/clas_017554.A21 /mss/clas/e1c/data/\ clas_017554.A22 /mss/clas/e1c/data/clas_017554.A2\

/mss/clas/e1c/data/clas_017554.A24 /scratch/joeuser

Request Large Files or tar Groups of Small Files

The high-speed tape drives are designed for bulk data transfer and the entire mass storage system is geared toward the transfer of large files (say, >1GB). Due to the tape load and unload times and tape head positioning, it is nearly as difficult to process a 500MB file as it is to processes a 1.5GB file. Rather than making many requests to store a large number of small files on the silo, it is always more efficient to tar or otherwise consolidate the small files before storing them on the silo. The tar file, so long as it is smaller than the 2GB file size limit, will make more efficient use of the silo.

Check for a Good Return Status in Scripts

If you use jget or jput in a script, check that the return status is good before proceeding. Here's an example in bourne shell:

#!/bin/sh

/site/bin/jget /mss/my/files /some/destination

if [ $? -ne 0 ]; then

    echo "jget failed"

  exit 1

else

    echo "jget suceeded"

    # do work with files...

fi

Or, in csh:

#!/bin/csh -f

/site/bin/jget /mss/my/files /some/destination

if ( $? ) then

        echo "jget failed"

        exit 1

else

        echo "jget suceeded"

        # do work with files...

endif

In an upcoming version of jget, extended information on the nature of any failure will be returned.

Submit Requests One at a Time

Requests made one at a time are completed more quickly. This is done as an incentive to the interactive user who makes judicious use of the mass storage system. Users who submit a single request and wait for its completion before submitting another will see a much faster turn-around time than users who make multiple simultaneous requests. Simultaneous requests are queued in the same way as other batch jobs.

Check the /cache Area Before Using jget

Before requesting a file from the silo, check to see if someone has already added it to the cache area. The cache area has the same file hierarchy as /mss, but begins with /cache and contains a small subset of the silo's contents. If the file you need is in the cache it will be much quicker to copy it from there. The next version of jget will include automatic checking of the cache area for such files.

More Information

See the Scientific Computing FAQ at http://cc.jlab.org/scicomp/faq/sc_faq.html.

Work in Progress

Cache File Servers

In an effort to make more efficient use of the batch farm, two Linux file servers have been ordered. These Linux file servers will be used as dedicated cache disk servers for farm jobs. Each system consists of Dual 650MHz PIII processors, 512 Mbytes of memory, gigabit Ethernet, and a RAID controller with 400 Gbytes of disk space. The RAID controller is capable of doing RAID 0, 1, 0+1, 3, and 5.

Since data located on these cache systems is a copy of data in the tape silo, RAID-0 (disk striping) will be used to maximize disk performance. Although the failure of a disk will require the file system to be rebuilt and all files re-cached from the silo, we believe this is acceptable given the fairly large mean time between failures of modern disk drives.

Since these Linux systems will be dedicated cache file servers for the farm, they will not be using NFS for data movement nor will they be visible to CUE. We do, however, hope to find that the performance and stability problems with NFS have been resolved in the latest release of Red Hat Linux. If so, then future systems will be used to replace all of the existing cache disks. The work disk areas will remain on the MetaStor NFS file servers, or something similar, since fault tolerance and high availability are major requirements.

The success of these inexpensive cache file servers is essential for our long-term plans to keep the data for entire runs or small experiments online and readily accessible. Keeping as much data on disk as possible is a key component to alleviating existing tape access bottlenecks.

Work Disk Servers

Upgrade plans for the current work disk servers are in progress. Multi-processor systems with gigabit ethernet are expected to be available in the next few months. The 100 megabit network interfaces on some of the servers are already being saturated to capacity and the single CPU is not enough to keep up with the numerous NFS requests. The new Linux file servers will help alleviate the load as cache files, which are physically located on the work disk servers, are migrated to the new servers. Upgrading the current Ultra SCSI interfaces to the disk drives with fiber channel is also a possibility.

Tape Drives and the Silo

Since the last Computer Center Newsletter was issued, ten new 9840 tape drives have been put into production. They are currently being used to store raw data from Hall C (e89009) and cooked data from CLAS (e1a, e2a, and g1b). Hall A will start writing raw data on these tapes in April. We have eight of the older, more expensive, Redwood tape drives.

The 9840 tapes currently hold 20 Gbytes per tape. The older Redwood tapes hold 50 Gbytes per tape, but are less reliable and cost 5 times as much. However, future versions of the 9840 tape drive are expected to increase their storage capacity. Current I/O rates for both drives are about 10 Mbytes per second. These I/O rates are expected to increase with future versions of the 9840 tape drive, while the Redwood tape drive is expected to be discontinued in the near future. Once discontinued, existing Redwood tape drives will be supported for five years.

Desktop Support

Windows 2000 Testing Status

With the recent release of Microsoft's Windows 2000 operating system, the Computer Center has purchased several licenses to begin testing Windows 2000 clients in our PC CUE environment. The evaluation will include providing and supporting a standard Windows 2000 CUE desktop configuration, ensuring support of a standard software suite, and integration with the central CUE fileservers.

During the evaluation period, Windows NT remains the supported PC CUE platform; user support on the desktop WILL NOT be available for Windows 2000 systems.

Purchases for new PCs should include the Windows NT operating system; users should NOT purchase and install Windows 2000 systems until the end of the evaluation period. Again, the Computer Center will not be able to support users and desktop systems with Windows 2000 until we announce its support in CUE. For more information see http://cc.jlab.org/desktop/win2000/.

End of Windows 95/98 Support

CUE support for Windows 95/98 systems will be discontinued June 30, 2000 because of security issues.

We anticipate completing the Windows 2000 evaluation in CUE in time to provide Windows 95/98 users with upgrade information before the end of CUE support for W95/98 systems June 30. We plan to assist users in the purchasing process by coordinating a sitewide operating system upgrade purchase in the April timeframe. For more information, see http://cc.jlab.org/announce/status.html.

New Tool for PC Support - SMS

To more effectively provide support for Windows PC desktops, the Computer Center has implemented Systems Management Server (SMS) for remote PC management. (Our previous newsletter contained a detailed article about SMS.) Users are encouraged to install the SMS client to assist Computer Center User Services staff in providing faster desktop assistance. For questions or problems where SMS is not installed and an office visit is required, users will receive assistance at a lower priority than those that can be worked remotely from the Helpdesk.

What is SMS?

Microsoft’s SMS software provides tools for distributed system administration tasks, including remote diagnostics, hardware and software inventory, and software distribution and installation. These tools will help users to better manage their computing environments, and give the Computer Center an edge in system administration for PC’s.

With the SMS client software installed, users calling the Helpdesk with questions or problems on their PC can allow Helpdesk staff to remotely access the PC, view the user’s current desktop, and assist in the diagnosis of problems. Computer Center staff will not be able to access what’s on your screen without your knowledge. When a system administrator initiates the connection to the PC, a pop-up window appears on the user’s monitor: “Will you allow the helpdesk to remote control your machine?” You must click “Yes” before the remote connection can continue. The system administrator then sees exactly what’s on the screen, just as if he was sitting at the machine.

SMS periodically performs an automatic inventory of hardware and software on all systems with the SMS client installed. This inventory provides data regarding software and hardware conflicts, version incompatibility, or other potential problems. The software inventory tool will provide accurate, current data, allowing JLab to make better decisions for sitewide upgrade paths for both hardware and software.

Finally, SMS can deliver software to a desktop PC. When sitewide software upgrades become available (Netscape, Secure Shell, …etc.), the software can be delivered to a user’s desktop. Installation can also be performed for users who require assistance with installations.

To enable the Computer Center staff to help users more efficiently, we encourage PC CUE users to install the SMS client on their machines. It takes approximately one minute to install, and the installation is very simple:

1. Go to Start, JLAB-CUE, Client Installed Programs and select Install SMS

2. On SMS Management Installation Wizard screen, click Next

3. On Select a System Management Installation Option screen, select Automatically Select Installation Location, click Next

4. Click Finish

SMS Setup will copy and install the client software to your PC, then confirm that installation is complete.

This will significantly improve our support capability, thereby benefiting both helpdesk staff and users!

Network Time Server for NT

As a computer gets older its internal battery gets slower, which causes its system clock to report the incorrect time. This problem was recognized years ago and resulted in the development of the Network Time Protocol (NTP). This protocol allows networked computer systems to synchronize with the Naval Observatory’s Atomic Clock.

The Computer Center implemented NTP on its centrally managed UNIX systems several years ago. The Network Time Protocol (NTP) application is now available for desktop PC’s running Window’s NT.

This application will synchronize your local PC’s system clock with our local timeserver (ntp1.jlab.org), which synchronizes its time with an offsite timeserver. The update of your local system clock will occur twice a day, if you install with the default configuration, to ensure that your system clock stays set correctly.

Installing NTP

To install the NTP application on your CUE Windows NT 4.0 workstation:

1. Go to Start, Jlab-Cue, Client Installed Programs, Time Server Setup.

2. Follow the instructions presented by the setup application, accepting all information as prompted.

3. After the installation of NTP, reboot your system.

Uninterruptible Power Supplies

The Computer Center receives numerous service requests concerning UPS back-up power supplies. These service requests generally report a failure of the UPS right out of the box. The company ships these devices with the internal battery disconnected for safety, as indicated in the documentation provided with the unit. The documentation provides step by step instructions on how to connect the battery. Users should read all technical documentation provided with new hardware prior to installation. This will ensure proper application, compatibility, and safety.

Any questions concerning application or compatibility should be addressed prior to purchase.

MIS

The MIS web page, at http://mis.jlab.org/, provides new web-based interfaces to many useful applications. These include “My Page”, Shipping and Receiving Log, Credit Card Log, Netscape Calendar, WEBStock, and financial WEB Reports. Some of these applications are referenced in the following sections.

Many of the DB1-based applications are in the process of moving to this new interface. Currently under conversion are the Purchase Requisition System and some of the functions that are found in CIS.

MY PAGE

Each JLab user account holder has an MIS central web page known as "My Page". This web page can be used for accessing and viewing your personal information. At the bottom of the MIS screen is a menu bar where you select the "My Page" symbol to reach your JLAB custom page. "My Page" pulls things together and provides a central location to access laboratory web-based applications. Your custom page contains the following information:

· Personal Information - A display of your Jefferson Lab affiliation, Office location, Phone, Cell phone, Pager, Default Org, Division, Department, Fax number, Mail Stop, Building Access, Supervisor.

· Training information and current building access - "My Page" checks your current training in the CIS (Central Information System). If your training is out of date, your building access may be denied for controlled areas. You can check your current training and sign up for upcoming classes in the Human Resources Ingenium training program. To access the Ingenium program, click on the “Ingenium” link located next to “Training” on the “Personal Information” area. To view an explanation on what training classes are necessary for building access, click on the link beside “Bldg. Access”.

· Vacation/sick leave balances - A display of your current vacation and sick leave balances.

· MIS Links to frequently used MIS programs –

o Credit Card - Allows you to reconcile monthly charge card purchases.

o Property search by name - Allows you to search for property assigned to a specific individual.

o Property search by tag number - Allows you to search for property with a specific Jefferson lab controlled equipment tag number.

o Shipping and Receiving Log – see the following article.

· Upcoming holiday list - A display of upcoming holidays for the current year.

· Notices - "My Page" is used to notify you of pending items:

o Requisitions - If marked “Yes”, your approval is needed for a purchase requisition in the REQS system on DB1.

o Credit cards - This gives notice that credit card information is due. The user should use the credit card program to enter his purchases and reconcile his account against his monthly statement.

o Packages in Shipping and Receiving - This gives notice that packages are in shipping and receiving for you.

o Timesheet due status - This checks the date and identifies you as needing to sign your timesheet or that your timesheet is okay (up to date on signatures). If this notice displays “Yes”, then your timesheet is due. Login to DB1 and execute the etr program. Update, sign and send your timesheet to your supervisor

o Notices for supervisors (timesheets) - The timesheet due status also works for supervisors, giving them notice of timesheets that need their authorizations. The supervisor needs to login to system DB1 and execute etr, to give authorizations for employee timesheets.

The Lab also uses “My Page” to solicit information from the individual for the 360 Feedback program, Personal information updates (Change Info), and Computer Center account audits.

Shipping & Receiving Log

The shipping and receiving log is now available as a web page from the MIS web server under the web applications link found at http://mis.jlab.org/. This web page allows a user to search for packages that have come through shipping and receiving. Searches by name, vendor, and log date can be performed with a click of a button. Shipped UPS and FEDEX packages may be tracked electronically by clicking on the log record of the desired shipped item. The web page connects to the UPS or FEDEX system and displays the tracking information for the specific item selected. For received items, detailed information regarding box priority, delivery date, problem codes, received by, PO number, vendor, lading bill will display by clicking a button on the record.

Sitewide Calendar and Scheduling

Netscape Calendar is now the supported solution for the site’s calendar and scheduling needs. The calendar service is being provided from the central calendar server jcal1.jlab.org. This calendar server is updated with current database information containing users, conference rooms, and other necessary scheduling information. Most of the sitewide resources that are available for hosting meetings at the laboratory have been entered into the Calendar server database and can be accessed by JLab Calendar account holders.

The Netscape Calendar application will allow you to:

· enter daily, weekly, and monthly schedules and agendas

· share selected information to all users, or only certain individuals

· schedule meetings

· reserve resources

· resolve scheduling conflicts between resources

· send email reminders of meetings to scheduled attendees of meetings

This application is available from the standard installation of Netscape Enterprise that is supplied by the Computer Center for Unix, Windows NT, and Macintosh (Macs must be running at least version 7.6.1 OS).

Accessing Netscape Calendar

Before you can access your personal JLab Netscape Calendar information you must:

1. Request an account and password for the JLab Calendar Services

2. Have the supported version of Netscape Enterprise installed

3. Configure your installation of Calendar to access the JLab calendar services

In most cases your account will already exist on the Calendar server and you only need to set the password for the account. To set your Calendar Server password:

1. Using your web browser go to the MIS homepage at http://mis.jlab.org/

2. Select the calendar link from the MIS homepage

3. Enter your Windows NT username and password as prompted.

4. Select the “continue” and “accept” options presented until you are placed in the MIS Computing Calendar page.

5. Select the “Request an Account link”

6. Then enter your last name as requested and select the “go” button.

7. Select your name from the list of users that is presented by clicking on it.

If your username is not listed this could mean either that you do not have a valid CIS entry, or that there is not an email address associated with your name. If you experience this problem, contact the User Services Helpdesk.

8. Set your password by selecting the password field and entering a password (this should not be your CUE password)

9. Select the “save” button to save your password or changes that you have made.

After successfully installing and configuring Netscape on your local desktop as explained at: http://cc.jlab.org/desktop/docs/ns_install.html(PC or MAC), or if you are using the Computer Center provided version on one of the central UNIX systems, the Netscape Calendar program is configured to access the JLAB Calendar services as follows:

1. Start Netscape.

2. From the “Communicator” menu choice, choose “Calendar”.

3. The “Netscape Calendar Sign-In” dialog box appears when you open your “Calendar”.

4. Type your last name (NOT YOUR USERNAME).

5. Type your password that you entered in the password field while requesting your Calendar account.

6. Enter the name of the Computer Center calendar server: JCAL1.JLAB.ORG.

7. Click “OK” to open your “Agenda”.

8. If the above fails, check your account by going to the MIS web page at http://mis.jlab.org/

More information on the JLab calendar services can be found from the MIS homepage at http://mis.jlab.org/ under the Calendar link. Individual training or group training on the features of the JLab Calendar services can be requested by contacting the User Services Helpdesk. Please give at least one week’s notice for large groups.

NOTE: The Calendar server jcal1.jlab.org is backed up every night at midnight. When the backup is performed all users are automatically disconnected from the server because backups cannot be performed on an active calendar database. There is no graceful method of disconnecting open calendar sessions so they are forcibly disconnected before the scheduled nightly backup. If you are receiving notices stating that you have been disconnected from the calendar server overnight it is due to the nightly backup. You may consider closing the calendar program at the end of each day. We anticipate that a later release of the software will be able to continue running through the backup procedure.

WEBStock

Jefferson Lab Electronic Commerce (WEBStock) is an on-line catalog that allows you to order from many different vendors utilizing the same interface for all. The catalog currently includes vendors that sell electronics, small tools, computer software and hardware and office supplies. You can use the system to create an order using one or many vendors. These orders are turned into purchase requisitions and go through the same signature authority as if a purchase requisition was written in the REQS system. As soon as everything has been signed off the order is automatically placed with the vendor via an email.

Security

JLab Official Password Rules and Requirements

In accordance with DOE Notice 205.3 and guidance in 205.3-1, all passwords in use on any system at Jefferson Lab must be in accordance with the following rules and guidelines.

How to change passwords?

See http://cc.jlab.org/services/cue/password.html.

Password selection

1. Password contains at least eight non-blank characters, provided such passwords are allowed by the operating system or application.

· The only exception may be certain single-board computers.

2. Password contains a combination of letters (preferably a mixture of upper and lower case), numbers, and at least one special character within the first seven positions, provided such passwords are allowed by the operating system or application.

· The only exception may be certain single-board computers.

3. Password contains a non-numeric in the first and last position.

4. Password does not contain the user ID.

5. Password does not include the user's own or, to the best of his/her knowledge, close friends - or relatives - names, employee serial number, Social Security number, birth date, phone number, or any information about him/her that the user believes could be readily learned or guessed.

6. Password does not, to the best of the user's knowledge, include common words that would be in an English dictionary, or from another language with which the user has familiarity.

7. Password does not, to the best of the user's knowledge, employ commonly used proper names, including the name of any fictional character or place.

8. Password does not contain any simple pattern of letters or numbers, such as "qwertyxx' or "xyz123xx".

Password protection

Individuals must not:

1. Share passwords; the only exception is "in emergency circumstances or when there is an overriding operational necessity".

· You must get prior agreement from the Computer Center Security officer before sharing passwords.

2. Leave clear-text passwords in a location accessible to others or secured in a location whose protection is less than that required for protecting the information that can be accessed using the password

3. Enable applications to retain passwords for subsequent re-use.

· This includes e-mail - do not let it remember your password.

Password changing

Passwords must be changed:

1. At least every 6 months;

2. Immediately after sharing;

3. As soon as possible, but within 1 business day after a password has been compromised, or after one suspects that a password has been compromised;

4. On direction from management.

Telecommunications

“Did You Know?”

When calling someone else’s voice mail, you can by-pass their greeting by pressing the asterisk (*) key on the dial pad of the phone you are calling from. The system will then allow you to record your message.

Central Computing

Upcoming Login and Email Changes

Telnet Shutdown for Logins

About SSH