1CERN Computer Newsletter • Apr i l–May 2006

EditorialAIS group keeps CERN on track 1Computing featured in this month’s CERN Courier 2CNL archiveComputing at CERN in the 1970s 3Announcements & newsNew LDAP server for e-mail address book 4CRA account tool comes into effect 4CERN urges mail clients to use secure protocols 4Oracle support provides a range of new tutorials 4Physics computingNew tape storage for LHC era 5Linux update: CERN to migrate to SLC4 this year 5LCG newsThe view from the experiments 6Conference reportsCHEP’06 anticipates the start of LHC experiments 8EGEE User Forum marks a new phase for Grids 9Technical briefsBOINC activities at CERN 10CERN Windows Terminal Services 11Information cornerWorking with NonAdmin on your PC 13CERN School of Computing will be held in Finland 13Calendar 13

Editors Nicole Crémel and Hannelore Hämmerle, CERN IT Department,1211 Geneva 23, Switzerland. E-mail: cnl.editor@cern.ch. Fax: +41 (22) 7668500.Web: cerncourier.com/articles/cnl.

Advisory board Wolfgang von Rüden (head of IT Department), François Grey (ITCommunication team leader), Christine Sutton (CERN Courier editor), Tim Smith(group leader, User and Document Services).

Produced for CERN by Institute of Physics PublishingDirac House, Temple Back, Bristol BS1 6BE, UK. Tel: +44 (0)117 929 7481. E-mail: jo.nicholas@iop.org. Fax: +44 (0)117 920 0733. Web: iop.org.

Published by CERN IT Department

©2006 CERN

The contents of this newsletterdo not necessarily represent theviews of CERN management.

ContentsVolume 41, issue 2 April–May 2006

Each time you fill out anelectronic document handling(EDH) form on the Web orreceive a pay statementelectronically, the AdministrativeInformation Services (AIS) groupwill be involved behind thescenes, deploying, maintainingand often developing thesoftware that will deal with them.CNL spoke to the AIS groupleader, Reinoud Martens, aboutthe progress that has beenachieved over the past few yearsto streamline these services, andthe challenges that lie ahead.

Can you give us a sense of whatEDH at CERN involves, in terms ofIT infrastructure?Last year the EDH system

handled 250 000 electronicdocuments, involving 650 000digital signatures. While moststaff and users at CERN may befamiliar with EDH, and manyknow about CERN ExpenditureTracking [CET] and HumanResource Toolkit [HRT], theyoften don’t realize that there is acore of corporate systems thatmakes all of this work.

In fact, EDH is responsible forthe workflow of documents –routing them to receivingsystems. There are some sevensuch systems, depending onhow you count them: one dealswith financial accounting andpurchasing, another deals with human resources, and soon. If we lost EDH we would intheory lose nothing that isabsolutely vital to theorganization, since all of thedata ends up in these coresystems. If on the contrary we

AIS group keepsCERN on track

The Earned Value Management

system (left) is tracking various

aspects of the cost of the Large

Hadron Collider (above) through

to its completion.

CERN COMPUTERNEWSLETTER

2005

Chart produced by EVM

today 2007

cost

Editorial

2 CERN Computer Newsletter • Apr i l–May 2006

lost our financial system, no payments (including salarypayments) could be made.

AIS uses a combination ofbespoke solutions and off-the-shelf commercial products. Whatdetermines your software choices?We have bespoke developments,such as EDH, CET and HRT, whenwe don’t find a suitable producton the market. But where we canbuy off the shelf, with anacceptable level of quality andfunctionality, we do so. This isthe case, for example, with thee-recruitment application, whichhandled more than 19 000applications last year. The CERNstores are using BAAN forlogistics and warehousemanagement. This is essentiallya small business, with aturnover of over SwFr 40 millionper year and more than 14 000different items in stock, so itmakes sense to use a standardbusiness solution.

Qualiac is a commercialproduct that we use for financeand purchasing, as well asgoods reception and allmovements of goods. It is usedinternally on the CERN site, andto and from any location in theworld. CERN’s requirements inthese areas are sufficientlystandard that a goodcommercial product can handlethem. There are always a fewcases where a bespoke solutionmight provide more or betterfunctionality, but the extra costusually outweighs the benefits.

A big change over the last fewyears has been the introduction ofincreasingly sophisticatedproject-management tools. Canyou sketch this evolution? Over five years ago we starteddeveloping Project ProgressTracking [PPT] for ATLAS andCMS, as a collaborative tool onthe Web. This was limited totechnical milestones, and didnot include financial data. In2002, as a result of the Aymarreview, there was a big push toimprove project management forCERN in general and the LargeHadron Collider [LHC] inparticular. We started with acrash implementation of PPT forthe LHC, loading PPT with thedata on contractual financialmilestones from our financialsystems on which we lackedupdated planning information.

This took about four monthsand was such a success that itevolved into our Earned ValueManagement [EVM] system in2003. The LHC project has reliedon this tool ever since. We nowhave 12 000 work units in EVM,each representing a piece ofwork with clearly defineddeliverables, typically over amaximum of a few months.

PPT is a framework – a set ofcomponents – that enables us toquickly implement solutions forother projects. For example,Enabling Grids for E-sciencE andCERN Neutrinos to Gran Sassoboth rely on PPT. This softwareis also at the heart of theActivity Planning Tool [APT], aCERN-wide tool that is notrestricted to projectmanagement, and that wassuccessfully deployed last year.What APT means in practice isthat it will become much easierto establish a link between whatdepartments ask for, what theyget, and what they actually use– and all of this from a singledata repository.

One of the interesting trendsthat we are seeing with PPT isthat other labs and major projectsare expressing an interest inadopting it. Both ITER [theinternational fusion reactor] andthe International Linear Colliderare seriously considering PPT fortheir needs.

What plans do you have for AISin 2006 and beyond?A milestone for 2006 is theintroduction of the ComputingResource Administration [CRA].This provides far better controlwith a direct link to the HumanResources database, and it can

be updated promptly whenpeople’s roles change or usersleave CERN.

Keeping computing accountsand access up to date, andcomplying with best practice onthis, is particularly challengingat CERN where we have a largeturnover of short-term visitors.There are more than 170 000people registered in CERN’sOracle Human Resourcesdatabase, which is incrediblewhen you think about it. CRA inits first release is really aboutintegrating existing functionalityrather than creating newoptions. This then constitutesthe foundation for newfunctionality that will followsoon, and that will facilitate theuse of many services providedby IT, such as single sign-on andcoherent e-groups throughoutall IT services.

Another significant project willbe the integration of the pensionfund. We will in the first instanceoffer a human resourcemanagement and payroll servicefor CERN pensioners, and at alater stage we may extend tofinancials for the pension fund.

One of the questions we needto keep asking ourselves is:should we continue to combinebest-of-breed products fromdifferent vendors, or should wego with a single integratedsolution from one vendor? Thisyear we will conduct a businessstudy to see if there is a case forchanging our ways. At themoment we are burning around80% of our resources onmaintenance and support andhave only 20% to respond tonew requests, so anything wecan do to reduce maintenance is of interest.

Reinoud Martens, group leader

of the IT department’s AIS group.

Computing featured in this month’s CERN Courier The articles listed below appear in the April 2006 issueof CERN Courier. Full-textarticles and the rest of theissue’s contents are availableat www.cerncourier.com.

Computing News● BIG GRID gets grant for e-scienceThe BIG GRID consortium hasbeen awarded 729 million tobuild an e-science infrastructurein the Netherlands.

● apeNEXT computers take upresidence in La SapienzaThe apeNEXT supercomputerlaboratory in Rome has 8 Tflopspower and 1.5 TB memory.

● Volunteers use own PCs toanalyse cosmic dustStardust@home participantsare actively involved in thesearch for interstellar dust.

● Computing Grid succeeds in onegigabyte-per-second challengeThe Worldwide LHC ComputingGrid collaboration completesLHC service challenge.

● EGEE goes globalEGEE’s Grid extends to China,Latin America, the Baltic Statesand the Mediterranean area.

● Open Science Grid electsmanagerial teamThe new team will lead theOSG’s operation and expansion.

Calendar of events

Feature articles● Networking tackles the LHCchallenge The requirements of the LCGhave changed the way that HEPnetworking is organized.

● Counting on uncertaintyQuantum computing: betweenphysics and computer science.

Following last issue’s article“CNL celebrates 40th birthday”,we will continue to delve intothe archive to bring youcuriosities from the early yearsof computing at CERN. Lastissue we reprinted stories andphotographs from the 1960s,and this issue we will turn thespotlight on the 1970s.

Ferranti EP140 microfilm plotter“For the first time as far as weknow, the EP140 at CERN hasbeen used to make a motion film.A description is given in a paperby P Lapostolle and R Le Bail,entitled ‘Two-dimensionalcomputer simulation of highintensity proton beams’, whichwas presented at the FirstEuropean Conference onComputational Physics, Geneva,10–14 April 1972.” (May 1972)

Who uses the computer time? “With the intention of matchingsome real numbers againstpeople’s guesses as to who usesthe time on central computers,the attached figure [notreproduced] shows the CP timeused by each division of CERN in1974 up to 1st December... 80%of the used time goes to thephysics divisions, NP (46%) andTC (33%)...

“The CP time attributable tothe computing ‘divisions’ ofCERN... amounts to some 11% of which a fair fraction should be considered strictly assystems overhead, and a furtherfraction is work performed forphysics groups. Acceleratordivisions have used a combinedtotal of ~7%... The Theorydivision have used only 1.8%.Clearly the theorists are thinkingrather than computing.” (December 1974)

Archiving and rationing of tapes“At present over 100 000 reelsof magnetic tape (60 000 inactive storage, 10 000 in closedshop, 15 000 in 17O traffic slotsand 17 000 in archive) are storedfor users by DD in the 513computer centre building. Allavailable storage space ispresently full, and it is onlythrough the good will andcooperation of a few users, whohave large numbers of tapes,

Computing at CERN in the 1970s

The computing centre was enlarged with the installation of a CDC 7600,

which is shown here during its assembly in February 1972.

The magnetic-tape storage vault in the Computer Centre (March 1974).

A course in computer science

organized by the Training and

Education Service (January 1975).

The Computer Science Library

(CSL) in the Computer Centre

(December 1973).

The remote input/output station in

building 112 was used to submit

jobs to the CDC 6500 and 6600.

The prototype SPS control desk is

shown under test with the NORD-

10 computer (December 1973).

CNL archive

3CERN Computer Newsletter • Apr i l–May 2006

that we have been able tosurvive over the past year and ahalf and still allocate tapes andcorresponding slot numbers(VIDs) on request... Thecomputer Users AdvisoryCommittee agreed in 1975 thatspace in our 513 vault should berationed to an approximate limitof 50 000 slots for active tapes.We are well above this limit anda tape archiving exercise... willbe performed in two steps.”(May 1976)

For messy programmers“The first reaction of someonewho is presented with a‘finished’ or ‘working’ programis normally completeamazement that such a frightfullash-up could ever succeed. Sowhy not make all your sourcecode look as if it really wasdesigned that way by making itas legible as possible? A newfacility, INDENT, is nowavailable on all CDC machineswhich automatically indents DO-loops by 5 columns, so that innested DOs the statementsbegin in columns 7, 12, 17...depending on the depth ofnesting.” (April 1978)

Online Computer Newsletter (OCNL)“This is a new CERN DDpublication which will containarticles and news items ofinterest to users of the variousmini- and midi-computers in useat experiments around CERN.The intention is that it shouldfulfil the same function for suchsmaller computers as the CNL

does for the large central CERNIBM and CDC computers.”(January 1979)

NAG program library now availableat CERN“The NAG (Numerical AlgorithmsGroup) Program Library has nowbeen installed on the CDC 7600and on the IBM system at CERN.This library is a large andcoherent collection of high-quality subroutines fornumerical and statisticalanalysis. It is the fruit of manyyears’ work by nearly all theBritish universities, and iswidely distributed(commercially) around theworld.” (May 1979)

Announcements & news

4 CERN Computer Newsletter • Apr i l–May 2006

The Lightweight DirectoryAccess Protocol (LDAP) providesan address-book service for mailclients other than Outlook andWebmail. Following itsannouncement at the DesktopForum in November 2005 (http://indico.cern.ch/conferenceDisplay.py?confId=346), the new LDAP server hasbeen progressively put intoproduction since 15 February. It replaces the outdated existingservice (both its hardware and software).

LDAP uses a redundant designfor improved availability. Overthe last few months it has beentested intensively by several

end-users, and we expect thetransition to be transparent.

The service is based on theLDAP standard schema, whichsupports different-use caseswith LDAP-enabled applications.Although the content is slightlydifferent, it will work as beforefor searches related to e-mailaddresses. Since March theLDAP data has been managedand retrieved from the newComputing ResourcesAdministration (CRA) system.

The service has been testedwith Mozilla, Mail for Mac OS Xand Pine. Some minor side effectswith Pine have been documented(http://cern.ch/mmmservices/

Help/?kbid=022030). Please note that LDAP

supports authentication usingNICE log-in and password. Asagreed by the Desktop Forum,from June a successfulauthentication will be requiredto access the directory fromoutside CERN. Anonymousaccess is still possible fromCERN’s internal network. Detailsabout how to enable LDAPauthentication on your mailclient are available from theWeb page mentioned above.

Any problem with LDAP shouldbe reported to the Helpdesk orto mail.support@cern.ch.The CERN mail team

In the November 2005 issue ofCNL we gave you early warningthat new software would beintroduced to improve theadministration of computeraccounts. This software, called Computer ResourcesAdministration (CRA), wasintroduced in mid-March,replacing the nearly 20-year-oldOracle-based Computer CentreDatabase (CCDB) and its userinterfaces, userinfo and userreg.

The new interface for users isan Administrative InformationServices (AIS) Web application,http://cra.cern.ch/. To use theapplication you will need toauthenticate your AIS account.AIS accounts have been createdfor users who already have aNICE account and use a NICEuser name and password. Peoplewithout an AIS account can asktheir group administrator to

create one for them. New userswill automatically get an AISaccount when they first register.

The options displayed by CRAwill depend on the role of theauthenticated user. End-userswill see at the left of the screenthe following options: ● User Info, for displaying youraccount information (My Details)and the option of updating youre-mail address and nickname;● Quota, for requesting a changeto your AFS quota; ● Service Account Request.

In addition, Computer Groupadministrators will be able tocreate accounts, protect specialaccounts, and manage AFS space.

By the time this issue of CNL

is published the automaticaccount clean-up features willprobably be enabled. Theseinclude the blocking of unusedaccounts and those of people

whose registration at CERN hasexpired. The clean-up featureswill be applied first to the ITDepartment and later to the restof CERN. Warning e-mails will besent to users and theirsupervisors at least one monthbefore any accounts areblocked. For more information,see www.cerncourier.com/articles/cnl/2/11/6/1.The CRA and Registration teams

● Please note: in order to receivewarnings, external users areencouraged to use the CRAinterface to check theirregistered e-mail address andensure that it is correct. It isbelieved that some users havethe wrong address registered inthe central database, which is used by both the Users Officeand an increasing number of applications.

CRA account tool comes into effect

New LDAP server fore-mail address book

The IT DES Oracle Support teamis pleased to announce a newseries of Oracle tutorials, withthe proposed schedule:

March30: Design, Arash Khodabandeh. April20: SQL I, Eva Dafonte Perez. 27: SQL II, Lucia Moreno Lopez. May4: Architecture, Montse Collados.11: Tuning, Michal Kwiatek. June1: PL/SQL I, Eva Dafonte Perez.

8: PL/SQL II, Nilo Segura. 15: Oracle tools and bindingswith languages, Eric Grancherand Nilo Segura.

These tutorials will take placein the IT Amphitheatre (building31/3-004) and will start at10 a.m. They will last aboutone hour, with extra time for

questions. There is no need toregister in advance.

You can access the 2002–2003 sessions at http://it-des.web.cern.ch/IT-DES/DIS/oracle/tutorials.html.

For more information, pleasecontact Catherine.Delamare@cern.ch.IT DES Oracle Support team

E-mail is an important vector ofviruses and is the origin of manysecurity incidents that affect thewhole user community at CERN.

One preferred way for virusesto propagate is through the useof non-authenticated mailprotocols. In addition, non-encrypted protocols send users’credentials over the network inclear text, which may enablepasswords to be “sniffed”.Therefore we stronglyrecommend using authenticatedand encrypted protocols forsending and retrievingmessages, as well as for usingthe mail address book.

These protocols are already thedefault for CERN Outlook users.They can easily be activated inPine, Mozilla and Mac Mail bychanging the configuration toenable a security option (SSL or TLS) for each affectedprotocol: SMTP for sending,POP/IMAP for retrieving, andLDAP for address look-up.

For details about theappropriate configuration, seethe help page at http://cern.ch/mmmservices/Help/?kbid=191040. Most users will alsofind tools there that will enablethem to update automaticallythe settings of their mail client.

Over the coming weeks, ifyour client is not securelyconfigured you may receive ane-mail from Mail-service@cern.chwith instructions on how tocorrect it.

From June, access to mailservers from outside CERN willbe restricted to mail clients thatare correctly configured, asdescribed in the help pagementioned above. The long-termaim is to stop all use of insecuremail protocols.The CERN mail team

Oracle supportprovides a rangeof new tutorials

CERN urges mailclients to usesecure protocols

Physics computing

5CERN Computer Newsletter • Apr i l–May 2006

The Large Hadron Collider (LHC)will begin operation in 2007 and is expected to produce15 PB of experimental data eachyear. At least one copy of thedata will be stored on tapebecause this method is stillcheaper than disk.

At the beginning of 2005CERN’s tape-storageinfrastructure for experimentswas provided by 10 SunStorageTek Powderhorn silosand 44 9940B Sun StorageTektape drives. This infrastructurecan store around 4 PB of datausing approximately 20 0009940B tapes. The Sun StorageTekPowderhorn is due to reach theend of its life in 2009, andtherefore the replacement of therobots and tape drives has to beplanned to avoid disruptionsduring the operation of the LHC.

What are the options?The process of selecting tapetechnology for LHC was initiatedin the first months of 2005. Theaim was to determine whichequipment would best suit thecomputing requirements ofCERN’s high-energy physics(HEP) environment, which hastraditionally involved a largeamount of random reading ofdata from tapes. This differsfrom the common tape-driveusage pattern of data back-up,where data is written once andrarely read back. It is widelyargued that lower-cost drives(such as LTO, which is popularin the world of “back-up”) are

not entirely suited to CERN’spatterns of use.

Few companies share the highend of the tape automationmarket. Two tape robots wereselected from this restrictedgroup for testing at CERN’scomputer centre. One is the IBM3584 tape library, which in itsmaximum configuration cancontain about 6000 cartridgesand supports IBM’s high-endand LTO tape drives. The secondis the Sun StorageTek SL8500tape library. In its maximumconfiguration this can containapproximately 300 000cartridges and accommodate2048 drives. It supports recentSun StorageTek drives, as wellas LTO and SDLT tape drivesfrom other vendors.

The current candidates for thetape drives that will record LHCexperimental data are theenterprise-class drives from IBMand Sun StorageTek. These arethe IBM 3592 EO5, which has a

native data rate of 100 MB/s;and the Sun StorageTek T10000,which has a native data rate of120 MB/s. Both of these drivesuse a 500 GB capacity cartridge.The “commodity” LTO3 tapedrive is also being evaluated.This offers a native data rate of 80 MB/s and a 400 GBcapacity cartridge.

We now have two testlibraries at CERN. One is an IBM3584 library configured withsome 6000 storage slots andequipped with 40 IBM 3592 EO5tape drives. This represents thebasic building-block of a potentialIBM solution for LHC datastorage, which would consist ofas many of these independentlibraries as was needed. Thesecond is a Sun StorageTekSL8500 that is configured withabout 8000 storage slots andequipped with 12 T10000 tapedrives and 21 LTO3 tape drives.This represents the basis of apotential Sun StorageTek

solution to the same problem.The configuration exploits adifference between this and theIBM option, as the basic SunStorageTek libraries can beinterconnected by a “pass-through” mechanism thatenables the assembly of a muchlarger single library. To test thepass-through capabilities of theSL8500, some 4500 9940Bcartridges and 10 9940B drives have been moved intothis library and are runningnormal production.

These configurations arebeing used to determine theperformance, robustness andease of administration of robots,tape drives and media so thatwe can choose the most suitableequipment for storing data fromthe LHC experiments. We areparticularly interested in findinghow to best integrate thesehigh-speed storage devices intoCERN’s CASTOR HierarchicalStorage System to profit fromtheir different characteristicsand achieve the optimumstorage performance.

The definitive outline of thefuture configuration of CERN’stape infrastructure will only beknown later this year. What isalready certain is that tape, whichhas been used for storage sincethe introduction of computing atCERN, will continue to play animportant role in the storage ofLHC data, whichever equipmentis selected.Hugo Caçote and Charles Curran, IT-FIO

New tape storage for LHC era

The Sun StorageTek SL8500 tape library in the Computer Centre.

In the November–December2005 issue of CNL (“CERNexplains its Linux strategy: SLC4or SLC5?”) it was hoped thatScientific Linux 5 (SL5) would befully certified for use by autumnthis year, enabling us to skip thewidespread deployment of SLC4.

However, Fermilab and CERNLinux experts now expect RedHat Enterprise Linux 5 (RHEL5)and hence SL5 to be availableonly at the beginning of 2007.Hence, the CERN-certifiedvariant of SL5, SLC5, could atthe earliest be available at the

end of the first quarter of 2007.This is clearly too late to providea stable start-up Linux platformfor the Large Hadron Collider(LHC), and it is equally clear thatit is not possible to stay withSLC3, as this is supported onlyuntil the end of October 2007.

SLC4 for LHCTherefore time must be found inthis year’s busy schedule for amigration from SLC3 to SLC4.This does not imply that all ofthe LHC Computing Grid sitesalso need to migrate to a new

operating system, and still lessthat they all migrate to SLC4.However, even a CERN-onlymigration requires co-ordinationwith our partners.

The CERN Linux team wants toraise awareness of this issue,and discussed it with the LCGGrid Deployment Board (GDB) atits meeting in March, thus givingtime for sites and experimentsto prepare. The CERN Linux team hopes that the GDB will beable to agree on a time windowfor migration at the latest at itsApril meeting, which will be

held jointly with HEPiX. By the time you read this,

SLC4 should be certified (seehttp://cern.ch/linux/slc4 forexact status).

For an overview of theScientific Linux releases and thesupport periods for each of thesereleases, see the DistributionRoadmap page at http://www.scientificlinux.org/distributions/roadmap. Please note that thisis just a plan. It cannot beguaranteed because there are toomany factors that may affect it.The CERN Linux team

Linux update: CERN to migrate to SLC4 this year

6 CERN Computer Newsletter • Apr i l–May 2006

The view from the experimentsThis article is based oninterviews with computing co-ordinators from ALICE,ATLAS, CMS and LHCb. Theyshared their thoughts on theiruse of the LHC Computing Grid(LCG) to date, as well as thechallenges that lie ahead.

The good newsLCG was launched as a service inSeptember 2003, and since thenmuch has been achieved. One ofthe quantitative highlights hasbeen the production by allexperiments of tens of millionsof Monte Carlo simulationsusing LCG, NorduGrid and theOpen Science Grid (OSG) – thethree types of Grid that underliecomputing for the LHC.

Dario Barberis, the computingco-ordinator of ATLAS, explainedthat ATLAS produced 10 millionevents in 2004 during DataChallenge 2. From January toMay 2005 it produced about12 million more events, whichwere analysed at a workshopheld by ATLAS in Rome last June.

“One of the main achievementsof the Rome production was thatwe ran with peaks of more than10 000 jobs a day,” said Barberis.ATLAS is preparing another largeproduction for this spring, whenthe detector’s real geometry(including the sagging, distortionsand misalignments that arebeing measured as the detectoris assembled) will be used totest the alignment proceduresand calibration algorithms underrealistic conditions.

CMS has used LCG and OSG toproduce about 60 million MonteCarlo events, to prepare thePhysics Technical Design Report,said CMS computing co-ordinatorLothar Bauerdick. The CMScollaboration is now starting topush this data through the Gridto simulate analysis. Theanalysis is revealing fragilities inthe infrastructure, but, saidBauerdick, “people aresuccessfully running jobs,especially if they are not afraidof the technology.”

It is perhaps surprising todiscover that LHCb – the smallestof the four collaborations – has sofar been the major user of LCG’sCPU resources. LHCb produced in

the order of 100 million eventsin 2005 alone. LHCb began torun Monte Carlo simulations in2003, accessing resourcesmainly outside LCG using Dirac,LHCb’s workload managementsystem. “Over time this hasswitched, and we are now over95% on LCG,” said Nick Brook,LHCb’s computing co-ordinator.The experiment even plans touse its online farm of 1800machines, comparable to someLHCb Tier-1 centres, for datareprocessing during shutdowns.

Using an agent-basedapproach to submitting jobs hasbeen very successful for LHCb.“What we submit to LCG is notthe jobs themselves but anagent, which queries the centralDirac system, asks ‘Have you anywork for me?’ and downloadsand runs the job,” said Brook. Thewrapper around the agent teststhe local environment to find out,for example, if there is enoughdisk space, and if the relevantsoftware is installed. If a job dies,only the agent is lost. “This buildsan extra layer of robustness intoour model,” said Brook.

ALICE has successfully testedits I/O solutions for access todata, and has achieved a goodworkload distribution bycombining LCG with its owncentral task queue technology.During its data challenges ALICEhas achieved 3700 jobs runningin parallel. “This is significantbecause these are substantialjobs, typically taking eight hoursor more to complete,” saidFederico Carminati, the computingco-ordinator of ALICE.

Carminati recognizes that working closely with the ITDepartment during datachallenges has helped to achievesuch targets and increaseconfidence in LCG. “People havebeen extremely helpful andresponsive,” said Carminati.“This has been a very successfulcollaboration.” He added thatthe belated but high-qualityrelease of CASTOR-2 was acritical step forward for ALICE.This experiment must push datarates to mass storage fromhundreds of MB/s, the level sofar achieved, to 1.25 GB/s, whichis anticipated in ion runs.

Lessons learnedLooking at the bigger picture ofhow LCG has evolved, Carminatisays that “we now have a solutionthat is both intellectually andpractically satisfactory.” Heviews as key the decision byLCG’s management to establisha baseline services workinggroup so that experts couldfocus on constructing a solidfoundation. Rather than trying toprovide all imaginablefunctionality at once, the targetshave been file transfer, workloadmanagement, accounting,security, monitoring andinformation systems. Thesebasics have to be rock solid andtransparent to users if theexperiments are to build on this.

As time goes by, more of thehigher-level functionality thatthe experiments are nowdeveloping independently willmove to the base services and beshared. Everyone will benefit

from this because redundantfunctionality will be eliminated,thereby freeing up resources inthe experiments. “This is one ofthe big gains of the Grid,” saidCarminati. However, he regretsthat it took so long for all involvedto focus on the essentials.“Everyone thought they couldprovide a complete solutioneasily,” he said, “but the problemwas much more complicatedthan anyone expected.”

For Brook, the issue now is tohide the complexity from endusers, so that the switch fromtraditional modes of analysis tosubmitting via the Grid occursrapidly. LHCb and ATLAS aredeveloping a user interface calledGANGA, supported by bothGridPP and EGEE, to handle this.“Once we convince users toswitch to GANGA, the details ofthe back-end will no longermatter, whether it’s LSF, anotherbatch system or the Grid,” saidBrook. He noted that GANGA testusers are knowledgeable andhave intricate use cases, whichtends to complicate matters,“although it is useful for shakingdown the system”.

Barberis pointed to anotherlearning curve that he has hadto deal with; namely, thedifferent expectations of theGrid middleware developers andthe people developing softwarein the experiments. “Some ofthe functionalities we had hopedto get two or three years ago arestill not in sight because thesethings were low priority at theoutset,” he said. The need forthem is becoming much moreurgent as the experimentsapproach full production, butthe developers are notnecessarily aware of this.

As an example, Barberis citedthe functionality of sending ajob to where the data is. Thiswas requested during EDG, theDataGrid project that precededEGEE, but was always consideredlow priority. This was becausedata transfer was not critical for the large Monte Carlosimulations that characterizedearly Grid use; these requiredrelatively little data and greatamounts of CPU. But for analysisjobs, which take perhaps a

Rome production(mix of jobs)LCG

NorduGridGrid3

Data challenge 2(short jobs period)

Data challenge 2(long jobs period)

14000

May2005

AprMarFebJanDecNovOctSepAugJul2004

12000

10000

8000

6000

4000

2000

0

jobs

/day

Jun

ATLAS record of the number of computing jobs per day from July 2004

to June 2005, with peaks above 10 000 during the Rome production.

LCG news

thousandth of the time ofsimulations, “you can spendmost of your time waiting for afile to arrive”, said Barberis.“We want the job to go wherethe data is, even if it has to waitthere a while, rather thancongesting the network withuseless data transfers.”

Getting this sort of messageacross to the middlewaredevelopers is mainly a questionof improving communicationchannels. Barberis is optimisticthat the recent creation of theEGEE technical co-ordinationgroup, a forum that providesmore direct contact between theexperiments and the developers,will help with this.

Bauerdick pointed to anotherkey lesson learnt from usingLCG: it is important to start testseven when the system is far fromperfect. Users at Fermilab havebeen encouraged to test theCMS system even though jobcompletion rates are low, ataround 70%, owing to variousissues, some of which are on theCMS side. One unexpectedresult of such testing occurredwhen, owing to a bug, usersproduced 10 times theiranticipated I/O. “We eventuallyfixed the bug,” said Bauerdick,“and in the meantime we stresstested our I/O, and this alsohelped us debug our storagesystems.” While such accidentsare hard on today’s users, theyare beneficial in the long term.

The benefits of WLCGAn important developmentremarked on by severalcomputing co-ordinators was theestablishment last November ofthe Worldwide LHC ComputingGrid (WLCG) collaboration. TheWLCG unites the stakeholders inLCG/EGEE, OSG and NDGF (theNordic Data Grid Facility) in acollaborative framework that issimilar to the one adopted bythe experiments.

Barberis noted that ATLAS is a big user of all threeinfrastructures, and said thateach Grid infrastructure cateredto a different type of centre.“The NorduGrid software hasadvantages for small institutesbecause it is easy to set up.With one machine you canrealize a gateway between theGrid and your centre,” he said.In contrast, LCG’s software ismore invasive but better

adapted to being deployed on dedicated large facilities,because it provides a moreuniform environment. “OSG hasmuch in common with LCG/EGEE,but OSG decided not to developa higher-level layer,” he said.This means that there is noresource broker – ATLAS userssimply decide which sites to usewhen they submit a job.

Bauerdick is pleased with theprogress in interoperability thatWLCG encourages. “LCG hasreally embraced interoperability,”he said, “and as an experimentwe are already using both LCGand OSG for analysis.” However,he argued that although thecollaboration is working well, “itis important that participantshave the spirit of doing the LHC,not just doing the Grid”. Bauerdickis trying to bring operations staffin Tier-1 centres to CERN so thatthey can see the detectors, “toshow them how wonderful thisis, so they really buy into gettingthe LHC computing working”.

Immediate challengesThe computing co-ordinatorstend to agree on the two bigchallenges facing LHC computingover the next 18 months or so,in the run-up to first beam.

The first challenge is to providea stable Grid service. Accordingto Barberis, “robustness isdifficult to achieve in a Gridenvironment, and we still sufferfrom a mishap somewhere in theworld bringing the whole systemdown.” Brook is worried that“centres that have never run24/7 must now provide a stableservice, which means theycannot take down services atminimal notice, they have to

stick to the service agreements”.The second challenge is to

scale up from today’s smallnumbers of test users – typically20 or 30 for each experiment – tothe large numbers expected oncedata starts to flow. For LHCb,more than 150 people couldbecome active on the Grid; forALICE, it is several hundred; andfor CMS and ATLAS the numberis probably about 1000. Part ofthe problem is that there is a gulfbetween the technophile testusers who are debugging thesystems and the professors inremote institutes who are tryingto run jobs for the first time.

“We do not know whether the typical end user will haveefficient access to the data;whether the analysis will beeasy or difficult,” said Carminati.ALICE is just starting to open upfor users, with up to 100expected over the comingmonths. “We really need tounderstand the pathologies,”said Carminati. For example,what happens when a non-expert user accidentally submitsan inordinate number of jobs?

Bauerdick is concerned thatwith the many different layers ofsoftware involved, it will bedifficult for new users to knowwho to talk to when problemsoccur. “We need an end-to-endtriage system to deal withqueries,” he said, “and we lackthe ability to do errorpropagation to the point whereyou can solve problems.”

Carminati highlighted anotherpotential problem: “experienceshows that every time we reacha new threshold for the numberof users of a system, wediscover new limits. Most of the

time we can fix these, but whatif we discover a fundamentallimit that invalidates ourdesign? We cannot fix this byjust adding horsepower.”

Countdown to physicsDespite these concerns, thesense of excitement and urgencyis palpable in the computing co-ordinators’ descriptions oftheir plans for the months ahead.For example, both ATLAS and CMShave already begun measuringcosmic rays. CMS will start tosee muons going through severaldetectors by April. For ATLAS, amajor cosmic ray run is plannedfor the autumn, when moredetectors are installed. The datawill be at a rate of about 1 Hzrather than the 200 Hz plannedfor when the LHC starts up, but,as Barberis said, “it is criticalthat the offline computing isfully operational for this, sincethis is real ATLAS data.”

Looking beyond this, Bauerdickhas his sights on the start-up ofthe LHC. “Even in the first fewweeks we will be looking forexotic signatures,” he said. “Thedifficulty will be to understandthe detector well enough to knowwhether what we are seeing isreal.” Although the Higgs particleis unlikely to turn up in the early data, the supersymmetricsquark and gluino, should they exist, are expected to giverise to spectacular signatures in the detectors.

CMS and ATLAS are not alonein expecting early results. Brooksaid that one of the things LHCbwill be looking for is BS–B

–S

oscillations with periods up toabout 70ps. “If the Tevatron doesnot beat us to this, this may be anindication of new physics beyondthe Standard Model,” said Brook.

ALICE will also be looking forinteresting events from day one.As Carminati noted, “we have anexcellent tracking system, whichmeans that we are in a goodposition to exploit the first low-luminosity proton runs.” Theseruns will also help to prepare forthe much more complex ionruns, which could start at theend of 2007.

Bauerdick summed up themood when he said, “we cannotafford to use the first data totest the computing models,because that data may be thekey to a discovery.” François Grey, IT/DI

7CERN Computer Newsletter • Apr i l–May 2006

A simulation of a Higgs event produced during a CMS data challenge.

LCG news

8 CERN Computer Newsletter • Apr i l–May 2006

Conference reports

Computing in High Energy andNuclear Physics (CHEP) is amajor series of internationalconferences for physicists andcomputing professionals in thefields of high-energy and nuclearphysics, computer science andinformation technology.

CHEP’06 took place on 13–17 February in Mumbai,India. It was held in the TataInstitute for FundamentalResearch (TIFR), which iscelebrating its 60th anniversarythis year. An unusual event atthe end of the conference was avisit by the Indian president, H E Dr A P J Abdul Kalam.

The organizers estimated thatabout 500 people attended theconference. This includedseveral who only attended thepre-conference LHC ComputingGrid (LCG) Service Challengemeeting, and others whoparticipated in the CHEP’06preconference school. As was tobe expected, more than 50% ofthe papers presented at theconference referred topreparatory work for one or the other of the Large HadronCollider (LHC) experiments.

Opening speechesThe conference was opened bythe TIFR director, Prof. SBhattacharya, who spoke of theinstitute’s history and how andwhen it became involved withhigh-energy physics (HEP),among other areas of science.He noted that this would be thelast CHEP before the start-up ofthe LHC, and said that TIFR wasproud to host the conference.

The TIFR director was followedby several other local dignitarieswho noted the importance ofgrids and Grid software formodern experimental teams – in HEP and in other disciplines,and increasingly beyond science.It was noted that TIFR is a Tier-2site for CMS, with a gateway forthe ALICE group in Calcutta.

Opening the plenary sessions,CERN Chief Scientific Officer Jos

Engelen spoke about the statusof the LHC. First of all hedetailed the progress made ininstallation and testing, and thepilot run that is planned for2007, and then he talked aboutthe status of the experiments.

The following are highlights of the plenary sessions:● Jamie Shiers (CERN/IT)reported on the readiness of thecomputing infrastructure forLHC. He said that the technicaldesign requirements of theexperiments were now exercisedin a series of LCG servicechallenges in a production-likeenvironment. The most recentservice challenge achieved anaggregated 1 GB/s to the Tier-1sites and up to 200–250 MB/s to

individual sites. Jamie said thathe was “cautiously optimistic”,although there was still muchwork to be done. ● Paris Sphicas (CERN/PH) fromCMS described the readiness ofthe experiments’ software, andsaid that the common softwareapplications area projects (SPI,ROOT, POOL and the simulationtools) were advanced and beingused across the experiments. Hereported that analysis softwarewas progressing with a commonunderstanding of the format ofthe data to be used; Geant4 wasdeployed across all experimentswith good progress in datageneration; so-called fastsimulation was less welladvanced and was at different

levels in different experiments;and software performance wasbecoming the main challenge.Paris confirmed Jamie’s fears ofa data-intensive start-up despiteexpected initial low luminosity.He explained the physics that isexpected, and noted that atleast one experiment (ALICE) isexpecting to publish two paperswithin one to two weeks of thefirst collisions. ● Beat Jost (CERN/PH) reviewedfuture data-acquisition systems,both for the LCG experimentsand for other, non-CERN plannedor projected experiments up tothe International Linear Colliderin 2017. ● Liz Sexton-Kennedy(Fermilab/CMS) gave a review ofevent-processing frameworks. ● Martin Purschke (BrookhavenNational Laboratory) presentedsome experiences from thePHENIX experiment at BNL,which is taking data at ratesapproaching those of the LHCexperiments. ● Harvey Newman (Caltech)reviewed the status ofworldwide networking for HEP,and noted the recent rapidgrowth in traffic following theroadmap predicted by variousreviewers at previous CHEPs. ● Les Robertson (CERN/IT)reviewed the status of the LCGservice, showing the linksbetween LCG and the differentphases of the EGEE (EnablingGrids for E-sciencE) project. Hecompared the performance ofLCG to the Gartner curve ofhighs and lows of performanceof a new project over time. ● Ruth Pordes (Fermilab)described Grid interoperabilityas seen from the US.Interoperability inevitably meanscollaboration and includeshuman and social factors, shesaid. These lead to gateways,resource interfaces andoverlapping services, all ofwhich use a common networkfabric. This involves in-depthtesting, demonstrating that it

CHEP’06 anticipates thestart of LHC experiments

The president of India, Dr A P J Abdul Kalam, gave the farewell address.

A delegation from CERN visited the president in Delhi after CHEP’06.

9CERN Computer Newsletter • Apr i l–May 2006

Conference reportsworks in practice, as well ascontinual communicationbetween the partners. LCG is a pioneer in showinginteroperability between grids on different continents. ● Rene Brun talked about “ROOTin the era of multi-core CPUs”.Assuming that vendors’ claimsfor multi-cores are correct, therewill be an impact on ROOT, hesaid. However, to use this,applications must be multi-threaded (a future developmentof PROOF for example). Thepowerful multi-core PC, or alocal cluster of these, isinherently less complex than agrid and could therefore be aneasier alternative.● Wolfgang von Rüden (the headof CERN IT Department) gave apublic lecture “From WWW tothe Grid” in which he drewparallels on how the latter mayone day affect our everyday livesjust as the Web does now.● Randy Sobie (University ofVictoria, Canada), the new chairof the International High EnergyPhysics Computing CoordinationCommittee, gave a short reviewof its activities.● L Kathragadda (from the IndianGoogle research group) talkedabout data mining. He noted thatpower consumption is a majorissue and will become more so.

Business talkUnusually, the CHEP plenarysessions included three“commercial” presentations:● Tony Hey from Microsoft gavea talk on “e-Science andCyberinfrastructure” and spokeabout Microsoft’s commitmentto working with the open-source

common standards community. ● David Axmark, the co-founderof the company behind MySQL,described storage engines thathave been developed andoptimized for differentenvironments, ranging from HEPto banking. He also presented alist of new features that appearin version 5, and other featuresthat will come in future releases.

● Alan Gara of IBM spoke aboutsupercomputing and showedseveral of the scientificchallenges for which high-performance computing isrequired. He described somerecent supercomputers, such asASCI Purple and Blue Gene(which has 32 TB of RAM).

As noted earlier, the presidentof India came on site on the last

day of the conference to give thevaledictory address. His talk,which was illustrated withscreen shots of LCG monitoring,was about the knowledge gridand how it could be used to helpin India’s development. Thepresident finished his talk withthese words: “My best wishes toall the participants of thisconference for success in theirmission of removing the digitaldivide among the scientistslocated in different parts of theworld leading to path-breakingdiscovery in the area of high-energy and nuclear physics.”

You can browse or print thepresident’s full presentationfrom his website at www.presidentofindia.nic.in/scripts/sllatest1.jsp?id=734.

We do not have the space tosummarize the many talks thatwere given in parallel sessions(eight parallel streams were heldover four and a half afternoons).The talks covered many areassuch as distributed eventproduction and processing,software components andlibraries, computing facilitiesand networking, Gridmiddleware and e-Infrastructureoperation, and online systems.

For details of these talks youmay refer to the Report on the

Mumbai CHEP’06 Conference,written by Alan Silverman andwith compiled contributions byM Kwiatek, G McCance,I Papadopoulos and B Tomlin. Thereport is available on the CERNComputing Seminars website athttp://cern.ch/cseminar/2006/0303/trip_report.pdf.Alan Silverman, IT/DI; NicoleCrémel, IT/UDS

The president spoke about collaborations between CERN and India.

The first User Forum of theEnabling Grids for E-sciencE(EGEE) project was held on 1–3 March at CERN in Geneva,Switzerland. The event coincidedwith a significant milestone forthe EGEE project, as the totalprocessing power achieved bythis Grid infrastructure nowexceeds 20 000 CPUs on average.

The forum brought togethermore than 240 people – bothfrom the established EGEE usercommunity as well as new usersfrom academia and industry – toshare their experiences and setnew targets for the future.

Discussions included theevolution of existing scientificapplications that have been“gridified” to work on thisinfrastructure. Also discussedwas the development anddeployment of new Gridmiddleware and applications infields such as life sciences,computational chemistry, earthobservations, astroparticle andparticle physics, and fusion.

The forum was the first in aseries of planned events forusers that will take place duringthe second two-year phase ofthe EGEE project (EGEE-II).

Negotiations with the EU forEGEE-II are very advanced, afterthe project passed its secondreview by EU-appointed Gridexperts in December 2005. Thesecond phase of EGEE started on1 April to ensure a seamlessservice to current EGEE users.

“This event marks thebeginning of a new phase in theevolution of scientific Grids,” saidIBM Grid strategist Jean-PierreProst (IBM Products & SolutionsSupport Center, Montpellier,France). “The underlyinginfrastructure is now in place,and increasingly real users

– both academic and industrial –will be driving the furtherdevelopment of the technology,with their expanding range ofrequirements for scientificcomputing and data processingusing Grid technology.”

The next major EGEE eventwill be the EGEE’06 conferenceon 25–29 September in Geneva,Switzerland. This will highlightthe range of related projectsthat EGEE has helped togenerate, and the broadspectrum of user communitiesthat are involved.Hannelore Hämmerle, IT/DI

EGEE User Forum marks a new phase for Grids

Attendees participated in a discussion after the president’s speech.

Technical briefs

10 CERN Computer Newsletter • Apr i l–May 2006

BOINC (Berkeley OpenInfrastructure for NetworkComputing) [1] is an open-sourcesoftware platform for distributedcomputing that employsvolunteered computer resources.It uses idle CPU cycles ofparticipating computers toperform scientific calculations.

BOINC can be seen as aspecialized Grid that is suitablefor running applications that are“pleasantly parallel”, so thatcalculations can be distributedto thousands of machines thatdo not communicate with eachother. Such a configuration isideal for compute-intensivetasks with modest input/outputneeds. Nevertheless, the BOINCinfrastructure is simple andrequires only one server,although this can be distributedto several machines forperformance reasons.

The applications that are runin a BOINC project must havepublic appeal so thatparticipants are willing tovolunteer their resources.Outreach is an important part ofthis kind of project, to give thepublic a sense of directparticipation in a scientificproject. Attractive screen saversare often provided, togetherwith a credit-based rankingsystem for users.

Successful projectsThe first project to run on BOINCwas the famous SETI@home,which analyses data taken fromradio telescopes looking forextraterrestrial intelligence. Theproject has delivered more than9 million years of aggregatecomputing time and hasattracted more than 5 millionvolunteered CPUs. BOINC is nowbeing used by many projects indomains such as physics,medicine and climate prediction.

One of the leading BOINCprojects is CERN’s LHC@home[2,3]. Its first application hasbeen SixTrack, which simulatesparticles circulating around theLarge Hadron Collider (LHC) ringto study the long-term stabilityof the particle orbits. Otherapplications of interest to high-energy physics are beingprepared. At the moment, the

system has about 14 000 activeusers, 25 000 active hosts andcan provide more than 5 Tflopssustained processing rate. Thishas enabled the computation ofmore than 700 CPU years in afew months, assuming as typicala 1 KSfp2K CPU that isapproximately equivalent to a2.8 GHz Intel Xeon processor. Ofcourse, this power is not totallyfree, but the cost:performanceratio is positive, and this iswithout taking into account theoutreach effects. LHC@homestill has the potential to becomemuch larger if enough work isavailable to use the computingcapacity that is offered.

In this context a study hasbeen conducted into combiningpublic-resource and Gridcomputing [4]. Bridges for sendingjobs between Grids and public-resource computing projectshave been tested and built forLHC Computing Grid [5] andNorduGrid/ARC [6] middleware.

The CoLinux environment thatenables Linux to be run as aWindows kernel extension hasalso been tested for its possibleintegration with BOINC, to allowjobs to migrate with their ownoperating system.

One hundred old farm PCs inthe Computing Centre that wereto be retired have been recycledto run as BOINC clients. We aremanaging these machines usingQuattor with a BOINC client RPM(Redhat Package Manager) thatwe developed. As well ascontributing to LHC@home, thePCs are also enabling studies ofmetascheduling mechanismsthat should make it possible to

implement applications withvolunteer resourcescomplemented by limiteddedicated ones to guaranteequality of service.

A BOINC server RPM has beenproduced to automate theinstallation and management ofBOINC servers. We are testing itnow and have found and resolvedsome bugs. The RPM and thebug corrections are being fedback to the BOINC project.

Porting other applicationsAs we are exploring otherapplications that may besuitable for BOINC, we haveported the Geant4 [7] releasetest code to BOINC. Thisapplication represents asimplified test beam that is usedto validate new versions ofGeant4. The port has been donefor Linux and Windows incollaboration with Geant4developers. It was presented atthe Geant4 workshop 2005 andat CHEP 2006. The next step isto consider more realistic anduseful Geant4 models, and wehave already made first steps toachieve that.

We have also successfullyported ATLFAST 0.02.22 [8] tothe BOINC environment anddemonstrated it with a realphysics case. This is the FORTRANversion of the ATLAS Fastsimulation and reconstructionsoftware, which uses the PYTHIA6.2 [9] event generator.

The Garfield/Magboltz [10]program for simulating gaseousdetectors has been ported to theBOINC framework in co-ordination with the software’s

author. We have demonstratedreal-use cases in Linux usingBOINC in recycled farm PCs inthe Computing Centre. Althoughwe still have to do a Windowsport, we expect to receiverequests soon from the LHCexperiments for a large-scaleproduction campaign.

Preliminary contacts havebeen held with research groups in France and Japanregarding a future project calledFeynman@home [11]. The groups wish to simulatequantum processes relevant toLHC (and future acceleratorssuch as the International LinearCollider) by calculating theirFeynman diagrams using BOINC.This is a computer-intensivetask that is closely related toevent generators.

We have also helped to startup Africa@home with the SwissTropical Institute, the Universityof Geneva and two NGOs. This isin beta tests and will run agent-based epidemiological modelsof malaria.

We are also collaborating withthe Extremadura region in Spain.The local authorities are goingto install BOINC clients inthousands of machines, mostlyin schools and hospitals, to runvolunteer applications initiallyprovided by CERN. They will alsosend staff to work at CERN onBOINC infrastructure andapplication porting. To kick-startthe project, a seminar was heldat CIEMAT, the Research Centrefor Energy, Environment andTechnology, in Madrid, attendedby representatives from theregion. A shorter version of theseminar has been taught as aCERN computing seminar. Slidesfrom these events are includedin the LHC@home Twiki area,where we document all BOINC-related work at CERN [12].

We are co-operating with theIS group to deploy the BOINCclient to CERN Windowsdesktops using NICEmechanisms. We plan for aprogressive deployment that willstart on a voluntary basis in theIT Department. We willsubsequently ask for the co-operation of all CERN desktopusers in the coming months.

BOINC activities at CERN

schedulingserver

project backend

Webinterfaces

dataservers

applicationclient

client APIvolunteer

project -specific componentsBOINC components

BOINCDB

core client

BOINCserver

complex

clientcomputer

The components involved in a BOINC distributed computing project.

What is CERN Windows TerminalService (WTS)?CERN WTS enables a remoteWindows session to be run froma computer inside or outsideCERN’s domain that has anoperating system that might notbe Windows.

WTS started in April 2004.Since then 1300 users havesubscribed to it, and around 100sessions run everyday. There aremany reasons for using WTS:● You may be on an official orprivate trip and need to accessthe CERN environment (yourcalendar, mail or documentationin DFS, for example).● You want a secure way toconnect to CERN.● You need to run applicationsthat are tricky to install or thatconsume lots of resources onyour local computer.● You normally work on Linux orMac but you need occasionalaccess to some applications thatrun on Windows.

WTS offers easy and secureconnectivity, reliability, platformindependence and mobility, andhelps many CERN users in theirwork. The WTS website(http://cern.ch/wts) describesthe service and is the startingpoint for newcomers.

How can I connect?Two simple steps need to betaken before using the service:● You need to subscribe to theservice. You can do this on theWTS website. On the Tools panelclick on “Register Here” to usethe service (figure 1). This willenable your NICE account toconnect to the applicationservers (see “How does itwork?” below).● You need a remote desktopclient. Clients for Windows, Macand Linux are available on theWTS website. For Windows 2000or XP you can get the latestversion of the remote desktopclient at the computer’s controlpanel. Select Add/RemovePrograms and then look for:Microsoft Remote Desktopconnection 5.2.3790.1830English. Windows XP comes witha client embedded in it. You canlaunch it by clicking Start /Programs / Accessories /Communications / RemoteDesktop Connection. For Linuxusers, the remote desktop clientrdesktop is already included onthe CERN Scientific Linuxrelease. Mac users need todownload the client from theWTS site. If you have InternetExplorer 5 or higher you can use

the remote desktop Web clientavailable on the WTS site (figure1)to connect to the service.

A terminal-service-roaming-profile will be createdautomatically and it will be readyfor use. The profile will keepyour settings independently ofthe application server that isholding your session.

To log on to the system werecommend that you use thealias “CERNTS.cern.ch” (figure 2).The system will then place yoursession on the machine that canoffer the most resources at thetime you connect.

If you are connecting from theInternet and have installedWindows Remote DesktopClient 5.2, which is the latestversion, you can use TLS 1.0 toencrypt and authenticate theapplication server (http://cern.ch/terminalservices/Help/?kbid=020008). This avoids man-in-the-middle attacks – inwhich an attacker can read,insert and modify at willmessages between two partieswithout either party knowingthat the link between them hasbeen compromised.

Once you have opened a WTS session, your Desktop,Favourites and My Documents

folders are redirected to yourhome directory.

The Remote Desktop clientalso enables the use of localresources, such as printers,during the WTS session. Forsecurity reasons, the redirectionof local drives has been disabled.

If you would like to use aCERN printer that is not alreadyinstalled, you can request itsinstallation by sending an e-mailto WTS support (support-terminalservices@cern.ch).

What can I run?The following applications areavailable during a WTS session: ● Microsoft Office ProfessionalEdition 2003 (many of itscomponents such as Outlook areautomatically configured thefirst time you connect);● Microsoft Office FrontPage2003 tool for Web authoring;● Putty, SSH for Windows;● Adobe Reader and AcrobatProfessional for reading andediting PDF files;● CERN Phone Book;● GSView, a post script viewer;● HummingBird Exceed, foropening an X Windows sessionon the Windows operating system;● MS Project Client, a tool formanaging resources;

11CERN Computer Newsletter • Apr i l–May 2006

Technical briefsReferences 1 http://boinc.berkeley.edu2 http://lhcathome.cern.ch3 http://athome.web.cern.ch/

athome/LHCathome/whatis.html

4 https://twiki.cern.ch/twiki/pub/LHCAtHome/LinksAndDocs/ChristianSoettrupBOINCThesis.pdf

5 http://lcg.web.cern.ch/LCG6 www.nordugrid.org7 http://geant4.web.cern.ch/

geant48 http://atlas.web.cern.ch/

Atlas/GROUPS/PHYSICS/HIGGS/Atlfast.html

9 www.thep.lu.se/~torbjorn/Pythia.html

10 http://garfield.web.cern.ch/garfield

11 http://acpp.in2p3.fr/cgi-bin/twiki/bin/view/Feynman/WebHome

12 https://twiki.cern.ch/twiki/bin/view/LHCAtHome/WebHome

The CERN BOINC team

▲▲

CERN Windows Terminal Services

30000

25000

20000

15000

10000

5000

0

40

20

0

60

80

100

2005 2006

num

ber o

f LHC

@ho

me

BOIN

C us

ers

total LHC@hom

e BOINC credit (millions)

number of userstotal credits

The LHC@home website (left), the history of the

project’s users and total credits (above), and an

example of SixTrack output (below).

64.26

12

10

8

6

4

aver

age

DA (

σ)

64.28 64.30 64.32

angle

Qx

Technical briefs

12 CERN Computer Newsletter • Apr i l–May 2006

● CERN Printing Package;● DreamweaverMX, for Webauthoring;● Whip! Autodesk DWF Viewer;● WinZip tool, for compressingfiles;● HPGL Viewer;● Remedy Client tool for problemmanagement;● Microsoft Visio, which createsdiagrams and workflows;● JOracle Initiator, an Oracleplug-in for Internet Explorer;● Adobe FrameMaker, forcreating complex documentsthat can be distributed toaudiences worldwide;● Adobe Illustrator; ● Nice Alerter;● WinSCP, for connecting to AFSfrom the WTS session;● Java Run Time Environment.

You can request moreapplications at support-terminalservices@cern.ch. Allapplications are submitted tothe technical criteria of theservice. If the application cannotrun or is considered unstable ona WTS environment, it will notbe installed. Reliability andstability are a must for WTS.

For special requests a cloningservice is offered (see ourTerminal Service manifest athttp://cern.ch/terminalservices/Help/?kbid=010000). At themoment there are six clonedapplication servers.

How long does a session last?Sessions last as long as theyare active. A session willcontinue on the server when

the client disconnects (eitherbecause of a network glitch orbecause you killed the client).You can always reconnect to theapplication server when yoursession is in a disconnectedstate and continue your work.Please bear in mind thatdisconnected sessions are onlykept for 18 hours. Any unsavedwork is lost when thedisconnected session ends.

The recommended way to enda session is to log off from theapplication server in the sameway that you would log off onyour NICE computer (figure 3).

How does it work?A light client that implements the Remote Desktop protocolenables a normal desktopcomputer running Windows, Mac or Linux to connect to WTSand get a remote Windowssession. The session is identicalto the one a NICE user getsusing a Windows computer(figure 4). This means that userscan access CERN resources suchas DFS, user’s home directoryand other applications.

The applications you run inthe WTS are executed on theWindows terminal servers, andonly the display is exported toyour computer. That is why youcan use this service from anycomputer that is connected tothe Internet, whatever itsoperating system.

The server infrastructure hasfour main components:● Application servers: these are

the real machines where usersrun their session. It is possibleto have only one active sessionon the pool of servers. Thecommunication between yourmachine and the terminal serveris always encrypted.● Licence server: this enablesthe transparent connectivitybetween an application serverand a desktop machine runningWindows, Linux or Macintosh.● Directory service: this permitsreconnection to a previousdisconnected session.

● Terminal-service-roaming-profile server: this gives theimpression of a uniqueenvironment independently ofwhere you connect. Yourterminal service settings willmove from one machine toanother, making it appear thatyou are always connected to thesame machine.

More informationPlease check our website:http://cern.ch/wts. Ruben Gaspar Aparicio, IT/IS

Fig. 4: a WTS session is identical to the one a NICE user gets using a

Windows computer. Users can access various CERN applications.

Fig. 3: the recommended way to end a session is to log off from the

application server as you would log off from your NICE computer.

Fig. 1 (above): how can I connect

to the Windows Terminal Service?

Fig. 2 (left): when logging in, use

the alias CERNTS.cern.ch.

13CERN Computer Newsletter • Apr i l–May 2006

Information corner

Working with NonAdmin on your PCAs announced in the last issueof CNL (“NonAdmin tacklesWindows security”, p3),Windows XP NICE installationsno longer grant administrativeprivileges by default to the mainuser or to the personresponsible for a computer.

Users without administrativeprivileges can do most of theirwork without noticing the change.Common applications (such asMicrosoft Office, InternetExplorer, Outlook and AcrobatReader) will run correctly, and itis still possible to change user-specific settings through thecontrol panel (such as displayand regional settings, andInternet options); to configureaccess to a new network printerat CERN; and to create a newVPN connection to CERN.

There are known issues,however, when you are not yourcomputer’s administrator. Awork-around is provided foreach of these issues, and it isusually based on the NiceAdminapplication.

In the Start / All Programsmenu on all CERN NICE PCs thereis now a NiceAdmin group thathas several entries. These areshortcuts to the NiceAdminWinapplication and options. The firsttime you launch the applicationyou will need to provide yourNICE credentials (only the main

user or the person responsiblefor the computer is allowed toexecute tasks withadministrative privileges).

Here is the present list ofentries in the NiceAdmin group:● Add Remove Programs asAdmin. This opens Control Panel/Add Remove Programs withadministrative privileges.● Console as Admin. This opensa console window that runs withadministrative privileges. Anyprogram you execute from herewill have administrativeprivilege.● Control Panel as Admin. Thisopens the control panel withadministrative privileges andallows you to choose whichsetting to change.● Create NiceAdmin Shortcuts.When using this wizard you caneasily create or modify shortcutsto applications so that you canlaunch them with administrativeprivileges. The easiest way touse it is to drag/drop theshortcut to the top of yourapplication’s list in the Startbutton (near the InternetExplorer shortcut), then tochoose another shortcut (likeRemedy), and drag/drop it ontoCreate NiceAdmin Shortcuts.This will create a modifiedversion of the shortcut so thatNiceAdminWin will be calledfirst, giving you administrative

privileges. This shortcut will beplaced in the NiceAdmin group. ● Internet Explorer as Admin.This launches Internet Explorerwith administrative privileges.● Network Connections asAdmin. This opens ControlPanel / Network Connectionswith administrative privileges.● NiceAdmin Options. Thisenables NICEAdmin options(such as password caching) tobe changed. By default yourpassword is cached in thememory (protected andencrypted) and you have to typeit in only once per session. ● Power Options as Admin. Thisenables you to change thepower options of your computer.● Set Time–Date Privilege. Thisenables you to set the time onyour computer using the appletto the right of the taskbar.● Account Status. This showsthe status of your session(whether or not it is running withadministrative privileges) and ofyour account (whether or notyou are a member of the localadministrators group). It allowsyou to permanently changestatus (for example, to regain orrelinquish administrativeprivileges for your account, andkeep the setting across log-ons).

For more information, visithttp://cern.ch/WinServices/docs/nonadmin.

CalendarApril3–7 HEPiX meetingCASPUR, Rome, Italywww.hepix.org

25–29 20th IEEE InternationalParallel & Distributed ProcessingSymposiumRhodes Island, Greece www.ipdps.org

May 3–6 Grid and PervasiveComputing (GPC 2006)TungHai University, Taiwanhttp://hpc.csie.thu.edu.tw/gpc2006

4–5 DEISA SymposiumBologna, Italywww.deisa.org/symposium/index.php

9–12 GGF17Tokyo, Japanwww.ggf.org

15–18 TERENA NetworkingConference 2006Catania, Italywww.terena.nl/conferences/tnc2006

16–19 Grid Asia 2006Singaporewww.ngp.org.sg/gridasia/2006

28–31 International Conferenceon Computational Science (ICCS2006)Reading, UKwww.iccs-meeting.org/iccs2006/index.html

30–1 June First InternationalConference on ScalableInformation Systems (INFOSCALE2006) Hong Kongwww.infoscale.org

September22–24 6th WSEAS InternationalConference on Simulation,Modelling and Optimization Lisbon, Portugalwww.worldses.org/conferences/2006/lisbon/smoPaper deadline: 15 May

25–29 EGEE’06Geneva, Switzerlandhttp://cern.ch/egee-intranet/conferences/EGEE06

CERN School of Computing will be held in Finland

The deadline for submissions to the next issue of CNL is 5 MayE-mail your contributions to cnl.editor@cern.chIf you would like to be informed by e-mail when a new issue of CNL is available, subscribe to themailing list cern-cnl-info. You can do this from the CERN CNL website at http://cern.ch/cnl

The 29th CERN School ofComputing (CSC) will be held at Kumpula Campus at theUniversity of Helsinki, Finland,from 21 August to 1 September,in collaboration with theHelsinki Institute of Physics.

The school is open topostgraduate students andresearch workers with severalyears’ experience in elementaryparticle physics, computing or

related fields. The number ofparticipants will be limited to80. The school is open toapplicants from both member

states and non-member statesof CERN. Applicants should posta letter of reference and acertification form to arrive by1 May, and submit a Web-basedapplication form by 15 May.

You can find more detailsabout the school (includingprogramme highlights, practicalinformation, EU grants and howto apply) on the CSC website athttp://cern.ch/CSC.