Computer Center News

News

This is the first edition of what we hope will become a regular newsletter, with the aim of better informing the user community of what the Computer Center is doing. The newsletter will be published initially both on paper and on the web, every 2-3 months. Please send comments on it’s usefulness (or otherwise), requests for articles, suggestions as to content etc. to ccnl@jlab.org.           

Ian Bird

General Computing

Upgrades

The general purpose Solaris machines (jlabs1-4) have been replaced by two new 4-processor systems. The two new Ultra 450 machines represent a 6-fold increase in computing power over the four old machines. Each of the new systems has four 250MHz Ultra Sparc processors, 2GB of main memory and 18GB of local scratch disk space. These systems are intended as general-purpose machines.

Usage

Since the batch and interactive farm systems now have a significant amount of CPU power, the general purpose systems (jlabx#) should no longer be used for running long jobs (longer than a few minutes). All that type of work should be done on either the batch farms or the interactive farm systems (see following article).

VMS

General user access to the central VMS systems was disabled on October 1. The VMS systems will be removed entirely at the end of 1998. From that time there will be NO access to any VMS file or backup tapes. Those users who still have files on VMS that they would like to keep should send a request to vms_close@jlab.org before December 1. After that date we cannot guarantee the ability to retrieve your files.

Once the VMS systems have been removed, there will no longer be any support for text-based terminals (e.g. the Graphon terminals). The terminals used by the guards and currently present in rooms in the residence facility are being replaced by PC based systems.

Maintenance Schedules

In the interests of more stable services, we have begun scheduling regular central system maintenance on the first Tuesday morning of each month. This is intended to coincide with the accelerator maintenance schedule. We hope this will reduce the service interruptions and improve the long-term stability of the services we provide. As far as possible we will try and perform all maintenance during this time. The actual schedule will be published in advance. Not all systems will be taken down during these periods. The status of any current problems and scheduled maintenance will be kept up to date at http://cc.jlab.org/announce/status.html. System outages will continue to be posted to the subscribable mail list outage-alert@jlab.org.

We are anticipating performing major upgrades to the experimental physics work area fileservers, and the silo software during the first week of January 1999. Those facilities would thus be unavailable for several days during that week.

Local system administrator mailing lists

Several new mailing lists have been established to provide a means of distributing current security-related and general technical information to the administrators of on-site systems. A list has been set up for each of the architectures in use at the lab. If you would like to subscribe, send a request to majordomo@jlab.org with one or more of the following lines in the body of the message:

• Subscribe aix-admin
• Subscribe hp-admin
• Subscribe linux-admin
• Subscribe nt-admin
• Subscribe sun-admin

X-terminals

We have been working to consolidate the X-terminal booting procedures and font servers. The visible result of this will be a much faster login procedure (a few seconds instead of many minutes). It will also provide for simpler and more consistent management of the terminals for the systems group. This task should be finished before the end of November.

Support Services

The support and helpdesk functions in the Computer Center have been reorganized into a new Support Services team led by Dave Rackley. As well as continuing to provide the helpdesk service, the team is mandated with improving general communication to the user community, including the Computer Center web pages and documentation, and automating certain basic functions. The user services home page (http://cc.jlab.org/support/) provides access to the new services:

• Gnats – our problem report tracking system
• Online Computer Center service requests
• Online IP address requests

Additionally there are several new e-mail addresses to use to get support (see the list at the end of this newsletter). These addresses supercede the old helpdesk@jlab.org. That address will still work, but using one of the new addresses will mean that your problem report will reach the appropriate person sooner. All problems and requests reported via any of these methods (mail, service request, using Gnats directly) will be logged in a database for tracking. You will receive an acknowledgement including a report number, which you can use to trace the progress of your problem. From the Support Services home page you can query the database to see the status of your problem report, or search other reports to see whether a similar problem has already been resolved. In all cases you will receive e-mail each time your problem is acted upon or (hopefully) solved. We intend to eliminate paper requests for service and IP addresses. Using the electronic methods enables us to ensure that we respond to all requests.

Computer Room Expansion

Move of user area

The machine room in the Computer Center is due to be expanded into the present user area. You may have noticed that we have already moved the public printers, X-terminals and the public PC to the mezzanine area above the cafeteria. The scanner is now connected to the PC; the old public Macintosh is no longer available. The Computer Center itself is now locked outside of business hours.

Printers

The recommended central printers are now: cchp1 – a fast HP laser printer capable of duplex printing on letter or 11x17 size paper; pscolor3 – a high quality color printer that prints either paper or transparencies. The old pscolor1 is no longer available – it is expensive in both paper and maintenance, and cl210hp is no longer accessible after hours.

Common User Environment

Integration of PC and Mac

The Computer Center has recently announced the extension of the Common User Environment (CUE) to personal computers. The new environment provides integration for Unix and PC users. Within the next few weeks we will be able to include Macintosh users in the new environment. The system centers around two central fileservers, one serving home directories, the other providing group-shared areas. Files on those servers are accessible directly from Unix systems, from PC’s and also from Macintoshes. Users have a unique home directory visible from any platform.

The environment for PC’s is highly standardized with identical configurations on all machines as far as possible. A number of centrally served applications are available with more to come in the future.

Remote Access

The Computer Center has installed a new remote access server for dial-in connections to the JLab network. The Cisco AS5300 provides 72 56k-Flex/ISDN modems for analog and digital access. The 56k modems will be upgraded to the new V.90 standard within the next few weeks. An account on the JLab NT domain is required to use the server, since all user authentication is performed against the NT user database. The server provides access from dial-in Windows machines, PPP from Unix, and ARA for Macintosh. The old terminal server modems will be removed from service very soon. The LanRovers will also be removed after solving the Apple remote access problems with the new system.

For more information on joining the environment, please refer to the CUE user’s guide, the guides for configuring Windows NT and 95, and the dial-in guides – all available from http://cc.jlab.org/support/dial_in/. Instructions for setting up Linux machines for PPP access through the server can be found, thanks to Arne Freyberger at http://claspc1.jlab.org/jlab_ppp.

Scientific Computing

Farms

With the recent delivery of 20 more dual Pentium II 400 MHz Linux machines, the batch farm systems will shortly provide close to 1000 SPECint95 of CPU power. The initial Linux component of the farm has been running continuously since April of this year, and has proved successful despite some stability problems with the SMP Linux kernels. The new machines, which are currently being installed and tested will augment the current capacity by some 600 SPECint95. Initially we will install 8 machines into the current configuration, running RedHat 4.2, to relieve the present CPU bottleneck. The rest of the machines will be configured with RedHat 5.2, and once these are up and running we will begin to migrate the other machines to the later RedHat version. We had been previously constrained to run at version 4.2 by LSF – the software that manages the batch queues. This constraint is now gone.

Once all Linux systems are running at the latest OS version we will reorganize the queues and fair sharing algorithms to ensure that the smaller user groups get a reasonable job turnaround.

The interactive farm systems have also recently been upgraded with the addition of two Sun Ultra 450 machines. These 4-processor systems (ifarms1,2) replaced the single dual processor system. We will shortly enhance the Linux component of the interactive farms with a dual processor (Xeon 400MHz) system, which will be installed at RedHat 5.2. As we migrate to RedHat 5.2, which is glibc-based, most user applications will need to be re-linked in order to run on the new systems.

The ifarm and batch farm systems are available for all experimental groups. Instructions on accessing and using these systems can be found at http://cc.jlab.org/scicomp/.            

Mass storage

Access to the STK silo was augmented during the month of September with the addition of 2 more RedWood drives, bringing the total to six. We have had problems with all of these drives – mainly mechanical reliability problems, for which we are in contact with the manufacturers. These problems are certainly not unique to us, other sites report similar difficulties. Nevertheless, the system has recently been accepting data from CLAS at the design rate of 10 MB/s, and in recent days the silo has moved over 1TB of data per day.

We are in the process of improving the local software to make it more robust to errors, however, there is not very much we can do in the short term with the OSM software that controls the silo itself. Unfortunately, that software is not very sophisticated in its error recovery. In the longer term, we intend to re-evaluate the options for mass storage management software.

Networking

The link between the mass storage silo and the Ethernet switch serving the experimental physics network has been upgraded to a Gigabit connection to improve the throughput from the silo to the farm. We have taken delivery of a second Gigabit switch to replace the switch in the counting house, upgrading the connection between the experimental areas and the Computer Center.

Software

Supported platforms

The Computer Center will now support the following platforms, and will endeavor to keep Cernlib, GNU, and public domain software up to date on them.

• Sun – SPARC : Solaris 2.6 (includes 2.5,2.5.1)
• IBM – RS6000 : AIX 4.1.5
• HP – 9000 : HP-UX 10.20
• Intel x86 :
• Linux – currently RedHat 4.2 – soon to be RedHat 5.2
• NT – a subset of available software – presently this is mostly experimental until we get user demand. Usually Windows95 will be able to use this software; however, if there is a problem we will support only the NT version.
• We do not support older versions of HP-UX (9.x), or Solaris on Intel, or Linux on non-Intel architectures.

On all platforms the software is in the /apps directory (on Windows this is mapped as your K:\ drive automatically upon login to the JLAB domain in CUE).

Support for Linux

We are currently investigating providing a standard JLab Linux configuration. This will be based on RedHat 5.2 and will provide a simple means to install a new machine and to ensure that its configuration matches local requirements. At the moment Linux systems can have access via NFS to certain of the filesystems served by the central fileservers, but not the home directories because of security concerns. We are looking into ways around this, possibly using SMB access to the fileserver, which would then allow the use of central (CUE) home directories on Linux machines, and permit those machines to be more tightly integrated into CUE. More news on this when it is available.

Presently, we do provide a local RedHat mirror that can be used to do NFS installs. The server is mirror.jlab.org and the filesystem is /local/mirror/redhat; for example the RedHat 5.2 distribution for Intel x386 is found in /local/mirror/redhat/redhat-5.2/i386.

Cernlib

Cernlib version 98 is available (setup cernlib/98) on all supported platforms, including NT. Currently it is the "new" version; the production version (and default) is 97a.

Replacement/Upgrade of the Setup utility

We are currently assessing how to maintain and provide the functionality currently provided by the "setup" utility. That software has several problems, and we have received many requests to improve it. Several options are available; we have sent out a request to interested groups to give us input on the functionality that they require in such a system. If you have input on this subject, please either contact your local software coordinator, or e-mail to bhess@jlab.org.

Recently updated packages

 

Support for NT

As mentioned above, we are installing a subset of available software on Windows NT. We would like to get user feedback on this, particularly if experimental groups see a use for computing on NT. Currently we have installed Cernlib version 98, ROOT(v2.00/13), CVS, the Cygnus package (includes many GNU tools – including gcc/g77/g++, shells, Tcl/Tk, perl, etc.,etc), VIM (a GUI vi replacement), Java, and the new version of Poisson from Los Alamos.

Security

As part of the effort to make all systems at the lab more secure, we are encouraging a number of things. The main source of break-ins to any of our systems is from hackers who have either guessed, stolen, or cracked easy to guess passwords. For this reason we will be insisting more and more that people use passwords that conform to certain rules, and we will also start forcing regular password changes. We run a program that tries to guess passwords (any child with a PC can obtain this program and the tools to break in to almost any system from the Internet). If the program guesses your password you will be sent a request to change it, if you do not then we will block the account. Also, if the guessed password does not conform to the rules the account will be blocked immediately. Passwords should follow the following simple set of rules:

• Contain an upper case letter [A-Z]
• Contain a lower case letter [a-z]
• Contain a number [0-9]

A valid password must use all three of these rules, and should not be easily guessable (like your name or username). Adding other symbols (,.!@$%&) also helps to make the password hard to guess. Password crackers have access to enormous amounts of computer time, and dictionaries of passwords – any password that uses an English word or name will be cracked in seconds!

One problem that makes passwords easy to steal is that with most remote login methods (telnet, softerm, etc.), passwords are sent in clear text over the network and are trivial for a hacker to view. We are encouraging the use of secure-shell (ssh) in place of telnet, rsh, and softterm. There are free versions available for Unix and PC systems, we also have a site license for a commercial PC version which is needed in certain situations and can be used on Macs. Soon we will begin to enforce the use of ssh and to prohibit telnet and softerm on-site. ssh is available on all central Unix systems and as part of the PC CUE environment.

The other source of passwords being sent in clear-text is email when using a POP or IMAP server. For this reason we have installed a secure IMAP server. At the moment the only clients that are able to make use of this are Netscape (4.05 or later) and Outlook 98/Outlook Express. We strongly urge the use of the secure server – the sooner we limit the sending of passwords in the clear over the network the easier life will be for all of us. Details can be found at http://cc.jlab.org/services/email/.

Y2K Issues

Although regarded by many as a joke, or at worst a nuisance, the Y2K issue is nevertheless a very real problem. At the lab we have undertaken an audit of most of the centrally managed and essential systems, as well as auxiliary systems such as elevators, personnel safety systems and so on. We have an obligation to report the status of all our systems to the DOE.

In addition to this centrally managed analysis, each individual group must look at it’s own set of applications and determine what it’s behavior will be after the year 2000 date change. Does your application use a time-dependent database for calibration data? Will it still work? If you believe you may have a problem, or would like more information on what to worry about, please email to y2k@jlab.org, or contact Sandy Philpott who is coordinating this effort for the lab.

MIS

After many months of effort, the changeover to Costpoint in Business Services has finally been completed. Over the weekend of 7-8 November, the MIS team worked with Business Services to close out System 1 and bring the new system on-line and up-to-date. Although this was a major milestone, changes will not be visible to most users until the other pieces of the system are moved – probably early in December. Before that time there will be Costpoint training sessions scheduled for users.

PC Purchases

The Computer Center and Procurement departments have negotiated a basic ordering agreement with Gateway and Dell for new PC purchases. Any new purchases should now be preferentially made from one of these vendors, unless there is a good reason not to. Both vendors provide standard PC configurations – to our specification, and guarantee the on-site support and maintenance we require. The standard configurations are ADP pre-approved, and the entire purchasing procedure has been streamlined. Dell and Gateway will be providing Jefferson Lab specific web pages where users will be able to browse, configure and purchase systems. Purchase requests will be generated automatically from the web page, (and will be approved by the account holder in the usual way), and ordered directly over the web. The user will be provided with a confirmation number with which the status of the order can be tracked. The full system is not yet operational but the standard PC configurations can be viewed at http://cc.jlab.org/desktop/docs/pc_purchase.html, and is where the ordering will be done once the system is up.

Telecommunications

There have been several recent upgrades to the telecommunications equipment. The new higher capacity phone switch will be installed in the ARC building in November, and will become the central switch for the site. The voicemail system has recently undergone an upgrade – also in readiness for ARC occupancy.

Problems with cellphone reception on site have been investigated by the Telecommunications team together with engineers from GTE. Reception is actually no worse now than it was with the previous 360 service, but patterns of usage have changed. Coincident with the new GTE contract many more cellphones are now in use, and are used to make calls on-site, whereas previously they had been primarily used by on-call people located off-site. Additionally, use of cellphones in the experimental areas is new. GTE made a test with a 4-channel transmitter located close to the MCC. The positive results from that test have led to plans to install a permanent transmitter on-site to optimize reception almost everywhere. However, due to the construction of building 97, the situation there is unlikely to improve without the addition of re-radiators in each of the control rooms. This option will be considered if it appears necessary, once the new transmitter has been installed.