|
|
Issue 9 |
October 2001 |
After several months
of planning and execution, the expansion of the
Before the expansion of
the main computer equipment room could begin, it was required that several
staff members be relocated from
Finished Expansion Area Populated
Expansion Area
Data Silos After Completion of Installation
A photographic record
of the expansion can be found online at http://cc.jlab.org/general/cc_expansion/ulthm3.htm.
CUE Password
ExpirationThe CUE tool for
changing your password ("jpasswd") was designed to implement our site
security policies regarding system passwords. One provision of these policies
currently requires that passwords be changed every 6 months.
The jpasswd system
provides this "password aging" functionality. This feature is now
being enabled. The system periodically checks all user accounts to identify
those whose passwords are near or past expiration.
Users whose accounts
are nearing expiration will receive a series of warning e-mails letting him
know of the upcoming account closure. Upon expiration, these accounts will be
automatically disabled and will require the user to contact the
During the warning
period (3 weeks prior to expiration), e-mail will be sent to the user, asking
that he change his password and letting him know that the account will be disabled
if the password is not updated soon. The warning e-mail will be repeated weekly
at the start of the warning period, but will be repeated daily during the last
week prior to account suspension.
If you have any
questions or comments, please refer to the
The
Users are responsible
to backup all information NOT on a disk managed by the
Backups are
maintained of the following centrally maintained directories that are provided
from central network fileservers: home, group, apps, and site. The scratch,
work, and cache directories are not backed up.
Backups are
maintained by doing weekly images with daily incremental backups. The weekly
images are kept for at least one year and the daily incrementals are kept for
45 days. This means we have the capability to restore a file from any given day
for 45 days. After that, we can only restore files as they were on the weekly
images. The weekly images for user and
group areas are performed on weekends. In a typical week, there is almost 800
GB of incrementals and 900 GB of images performed.
Support for the
software that administers the backups has been discontinued at the end of this
year. This required the
If there is a need to
recover lost data from
Files stored on the central fileservers have periodic
"snapshots" made of each folder's contents. These snapshots include
copies of files as they appeared in the past, and can be used to recover
accidentally deleted or changed files without the need to go to tape backups.
Every directory on the central fileservers contains a subdirectory named
".snapshot" which itself contains several folders: hourly.0, and hourly.1, … These snapshot directories can be used as a
source for copies of files you may have deleted and/or corrupted.
As an example,
suppose that you accidentally deleted the file j:\myfile on your CUE configured
Windows PC. In this case, the folder J:\~snapshot\hourly.0 contains your files
as they appeared at the last hourly snapshot. The folder J:\~snapshot\hourly.1
contains your files from two hours ago, and so on. To restore "myfile", you look in the ~snapshot directories for the
one you want and drag it to the original location, perhaps copying
J:\~snapshot\hourly.1\myfile to J:\myfile.
Another example would
be if you had accidentally deleted the file /home/username/myfile
on a CUE configured Unix system. In this case the
/home/username/.snapshot/hourly.0 directory contains your files as they
appeared at the last hourly snapshot. The directory
/home/username/.snapshot/hourly.1 contains your files from two hours ago, and
so on. To restore "myfile" you would search
through the .snapshot directories that you want and copy it back to its
original location. The process would be as follows:
Since the snapshot
directories are maintained by the file servers for you, you cannot copy files
into it. It can only be used to retrieve files, as a way to restore file that
were accidentally deleted. If you delete a file, and do not notice it for a few
days, it will not appear in any of the snapshot folders. If the file is needed,
the
If the files that
need to be restored are previous to the copies maintained in the snapshot
directories a request must be made via CCPR to recover the files from tape
backup. When submitting a request to recover file be sure to include the
following information:
Please realize that
restoration of files from tape is not immediate and can be time intensive.
The second tape silo was successfully installed during
the month of August. The addition
effectively doubles the number of tapes that can be kept online and available
for access from 6,000 to 12,000. These numbers
are maximum values as the number of tape drives connected to the tape silo
limits the actual available amount of storage space. There is a pass-through port between the two
tape silos, allowing tapes to be passed between them so that they may behave as
a single large silo.
Along with the new
tape silo came five additional T9940A tape drives. This brings the total number of T9940A tape
drives to ten. These tape drives are to
replace the older 8 Redwood tape drives. They are just as fast as the Redwoods,
hold an extra 10 GBytes of data, and are Ľ the cost
of a Redwood tape drive.
New data is no longer
written to Redwoods, but goes to either T9940A or 9840 drives. This is because the newer tape drives are far
more reliable and support for the older Redwoods will end in the near
future. With support for the Redwood
tape drives ending, we must migrate the data on
Redwood tapes over to the new T9940A tape drives.
We have already made
enhancements to JASMine for doing tape migration and have begun to migrate the data from the Redwood tapes onto the new T9940A
tapes. We have placed an order for 1000
T9940A tapes to start the process of migration.
Once the tapes arrive, we will start running the migration process
24x7. This process is expected to take
many months to complete.
JASMineIn addition to the
tape migration enhancements to JASMine, three new user commands have been added
and are being tested. These commands are jremove, jrestore, and jrename. Once testing is completed, the commands will
be made available for use.
The jremove command will remove a stub file from the /mss
directory tree. Since you cannot really
delete a file on tape, the jremove command moves the stubfile into a hidden subdirectory called .storeattic. A
version number is also appended to the filename in case multiple stubfiles of the same name are removed over time.
The jrestore command will restore a removed file to the /mss
directory tree. This is really just a
move from the .storeattic subdirectory back to the
original directory. A version number
must be supplied if multiple versions exist.
The jrename command will change the filename of a stubfile in the /mss directory tree. It will not move stubfiles
between directories. It will only change
the name of the stubfile. This is because files are written to groups
of tapes called volume sets. The
directory in which a stubfile exists or is written to
determine which volume set used.
Three new work file
servers were brought online in August.
These are Linux servers with 1 TByte of disk
space and gigabit Ethernet connectivity.
The CLAS work areas were migrated to the new servers, freeing up space
on the older servers for halls A and C.
These new servers are better equipped to handle the load generated by
CLAS users. Since moving the CLAS work
areas to the new servers, we have not seen any problems with the CLAS work
disks being unavailable because of the load on the server.
The new cache file
servers were also brought online in August. These are Linux servers with 900 GBytes of disk space and gigabit Ethernet
connectivity. This resulted in an
increase of 2.7 TBytes to the CLAS cache areas, 900 GBytes to the HallA cache area,
and 400 GBytes to the HallC
cache area. Increases were also made to
the farm cache area for the pre-staging of data files from the tape silo for
farm jobs.
The original eleven
farm nodes were decommissioned in August.
They were dual Pentium II 300MHz systems. Sixty dual Pentium III 1GHz farm nodes will
replace them. These new systems have just been delivered and should be
available before the end of October. They represent an increase of about 5,520
SPECint95. This is only some 400
SPECint95 shy of doubling the processing power of the farm. Once the new farm nodes are online, the
processing power of the farm will be approximately 11,000 SPECint95.
NCD X-terminal
Warranty Service EndsThe
NCD warranty service contract on all JLab NCD Xterminals has expired.
The warranty repair service previously
contracted through NCD repair facilities is no longer be available for all
remaining JLab NCD Xterminals (including HMX series and newer). Should a failure of this brand equipment
occur, the owner is responsible for its replacement.
Any questions should be directed to helpdesk@jlab.org
.
The Computer
Center will stock working replacement X-terminals as far as space permits. As
mentioned in previous Computer Center Newsletters the following alternatives
are available as alternatives to the Xterminals:
JLab Thin
Clients Due to the expiration of the NCD
warranty service contract on all NCD Xterminals, the
The first type of
client connects to a terminal server upon boot-up, and allows you to have what
appears to be a complete Windows PC running on your desktop. The second type of
client is a system that boots from a server and runs a Linux desktop. This
configuration allows users to run Linux applications locally with the added
benefit of connectivity to the terminal server to run Windows applications.
The
1)
Wyse Winterm 1200le - This is a Windows
PC thin client which, when the system has booted (which takes less than 10
seconds from power up to login screen), presents the user a Windows 2000 login
on the terminal server. X windows connectivity on the Windows 2000 desktop is
provided by the Exceed Hummingbird application available by default on the
terminal server. The Wyse Winterm 1200le thin client
system is available for purchase from the MIS Stock application and it has a
cost of approximately $400, excluding monitor.
2)
IBM N2800 - This thin client system boots from a server
and installs RedHat Linux 7.1 locally. Users on these systems run Linux on
their desktop as if they had installed it locally themselves. The applications
available are those that are normally available on Linux CUE level 1 install
systems. The
The following client
is supported and available; however it is not the client that we recommend:
3)
IBM N2200e - This thin client is functionally the
same as the Wyse thin client mentioned above. The difference between the two
systems is that Linux can be run on this system if the amount of resident
memory is increased. The Linux/Windows configuration is modifiable by the
One of each of these
systems will be installed in the public PC areas of
For more information on these systems, you can contact
Kelvin Edwards at kelvin@jlab.org.
The PC purchasing
contracts that Jefferson Lab has with Dell and Micron have been updated. The
current configurations have the best prices and the newest accessories for the
Desktop PCs. Instructions on how to login and use of the configuration pages
can be found on the Computer Center PC Purchasing pages located at http://cc.jlab.org/services/pc_purchasing/.
If you have any questions or would like to see items added to the PC configurations
please contact helpdesk@jlab.org.
DOE has provided
access to certified computer security courses for the Lab's system administrators.
This training is provided by the SANS Institute and is one of the most highly
respected certification programs available for computer security. SANS (System Administration, Networking, and
Security) has a home page at www.sans.org.
SANS describes the
Global Information Assurance Certification (GIAC) Programs in this way:
“To address the
lack of trained security professionals in the field, the SANS Institute has
developed several core training courses, or Tracks. SANS courses were developed
through a consensus process and provide education in the essential best
practices and hands-on skills needed today. SANS faculty members and over one
hundred security professionals contributed to the consensus process, including
many of the world's most experienced front-line security and system
administrators, intrusion detection analysts, consultants, auditors, and
managers.”
The courses start with
a general overview of security and then move quickly into the details of
network protocols and how to secure UNIX/Linux and Microsoft NT and 2000
machines.
We have about a dozen
individuals enlisted in the first round of this web-based training. This is a
substantial commitment by those taking the course with a deadline for
completion of about six months. We understand that DOE may be providing
additional opportunities for free registration in these courses. If you are
interested, please send a note to security@jlab.org.
Hoax BustersIn addition to the
unsolicited email from purveyors of get-rich-quick schemes, zero-interest
loans, and other less savory items, Internet mail sometimes includes messages
reporting some new, extremely malicious virus that threatens world peace and
prosperity or, at least, the sanctity of your computer. These messages are
often characterized by an allusion to recent announcements from Microsoft, an
exaggerated style (lots of exclamation points!!!, ALL
UPPER CASE, etc), and instructions to "warn all your friends." Others
might describe the plight of a handicapped child or person on their deathbed
that deserves our money, kindness, or electronic get-well wishes.
Very often, this type
of message is a hoax. Some of these have been circulating on the Internet for
years, forwarded by well-meaning people to everyone in their address book and,
thus, gaining renewed life.
We should all be
skeptical of such messages, but it is often difficult to validate the content
of a message, especially when it is a forward of a forward of a forward ...
Some quick help is at
hand, however. One such source of information is CIAC's "Hoax
Busters" page -- http://HoaxBusters.ciac.org/. CIAC is DOE's Computer Incident Response Capability. There is also, coincidentally, another site
of nearly the same name (http://hoaxbusters.org/)
that provides similar information, though perhaps a bit more general. This second site also has a good page on
"five telltale signs" of a hoax.
CIAC's site provides
search capabilities which can be used to look for a key phase or subject line
from the suspect message. If you find a
match, you can drop the message and forward the Hoax Buster reference back to the
sender.
If no reference to the
message in question is found on these pages and you feel that the message
content is still important enough to send to your friends, you know you have
done at least a bit to ensure that you are not a conduit for passing bad
information.
Jefferson Lab's
computer security team will begin offering seminars on topics relating to
computer security. Seminar topics will range from technical presentations to
policy discussions. Seminars will be announced in news messages, and in the
weekly Computer Center News. If you have an item you would like to see the
subject of a seminar, please send email to security@jlab.org.
The
Network equipment and media upgrades for the Test Lab,
the Test Lab Addition and the neighboring Tech Shop (building #59) have been
completed. The users can now take full
advantage of the performance enhancements available to them in these
areas. As a rule of thumb all odd
numbered ports (ex. 3-13) labeled in the offices are currently activated on the
new networks. If you need additional ports in your area activated or network
cables please submit a Computer Center Problem Report (CCPR) with the category
“Network Service Request”. We will get
to them in a timely fashion. If the need
for new additional installed ports is requested, we will handle them on a case
by case basis. Once all users are
converted to the new Category 6, switched, twisted pair network, we will then
be coming through for the final phase – pulling out the old coax network cables
and equipment to clean up. The only area
that does not require this phase is the newly erected Test Lab addition. Any questions regarding these upgrades can be
directed to helpdesk@jlab.org.
Due to the Lab’s rapid growth, more IP address space on
the backbone subnet is needed. To reclaim IP addresses there will be a subnet
change for computer systems located in the Testlab, Test Lab Addition, and Tech
Shop. This subnet reconfiguration will occur at
The Telecommunications group within the
As a result of the service change, the local dial-in
number used for the Remote Access Server (RAS), which provides off-site
computer access, will be changed on October 31, the
toll free 1-800 number will be unchanged. The 930-2576 phone number currently
in use for dial-in will be changed to 256-4000. The local dial-in number used
by the AES group will be changed as well and this number will be distributed to
the AES group separately.
New Adelphia calling cards were also issued to affected
staff members to replace their existing Verizon calling cards. By completing the
award for telephone service, both the Procurement department and the
Telecommunications group within the
Telecommunications
Helpful HintIf you are sharing a telephone with another person; you
may request a personal voice mail box. This will allow callers to leave you a
message in your mail box
that can only be accessed by you.
Any Questions? Call Telecommunications at extension 7361, or 7206 for
more information.
Submit a problem report or request for
assistance:
Note
that the quickest method is to submit an electronic request, as the report is immediately
assigned to a staff member and seen by many other staff.
After
business hours, for emergencies only involving major outages or interruptions
to the physics experimental program, contact the guards, who will contact our
on-call staff member.
Other
sources of information in CUE are the news messages available on login, and the
Computer Center’s web status and announcement pages. For news, simply type
“news” to get the latest unread messages, “news a b” for a brief listing of all
messages, or “news 100” to read message #100. The web page information can be
found at http://cc.jlab.org/announce/status.html.
For users who have purchased Dell, Micron,
Pony, or Gateway PCs under JLab’s ordering agreement, your machine includes
3-year onsite hardware support. You can directly contact Dell at
1-888-560-8324; you will need your 5-digit service code (a label on the back or
bottom of your machine). To contact Micron, call 1-800-249-1179: extension 59684 for Tech Support, extension
59028 for Customer Service, and extension 31205 for Sales Service. To contact
Gateway, call 1-800-846-2303 with your system’s serial number. For Pony support please call 1-888-809-1588
extension 114.
The Computer Center Computing Weekly News mail archive
can be found at:
http://www.jlab.org/ccc/mail_archives/ALERTS/cc-weekly/CURRENT/.
The Computer Center Scientific Computing
Briefs mail archive can be found at:
http://www.jlab.org/ccc/mail_archives/ALERTS/jl-scicomp/CURRENT/.
The archive of previous Computer
Center newsletters, as well as the current newsletter, can be found online at http://cc.jlab.org/announce/newsletter/.
This document is maintained by {helpdesk@jlab.org}
Copyright Jefferson Lab 2007