Nov 1, 2000 Site report DESY 1

DESY Site Report

Wolfgang Friebel

DESY

Nov 1, 2000 HEPiX Fall 2000@JLAB

Nov 1, 2000 Site report DESY 2

Contents

Linux Automated installation Fileserver with IDE disks

Project Disk Cache LDAP and User registry Security update

DESY Certificate Authority Port filtering Bastion host

Misc topics

Nov 1, 2000 Site report DESY 3

Linux

Automated Linux Installation and Configuration with YaST2 see also talk by T. Kleinwort Draft of the YaST2 enhancements worked out (SuSE, DESY) Prototype of new inst/config tool expected by mid Nov.

Installation of large file servers with IDE disks similar systems as proposed (and installed) by CERN (F. Collin) one test system 1.5 TB ordered for H1 (Hamburg) installation and first tests since two weeks smaller system 600 GB ordered for Zeuthen After successful tests further file servers for other experiments planned

Nov 1, 2000 Site report DESY 4

Project Disk Cache Driven by increasing demands of data storage and access

(HERA Luminosity upgrade) Project objectives - experiments view

Staging of data for analysis and reconstruction, fast and efficient access efficient usage of staging pools and bandwidth by importance caching centrally maintained and fully transparent user work space

Project objectives - technical view optimized usage of existing tape drives, use of cheaper drives possible automatic exploration of optimal location for data no explicit staging required any longer data access independent from data placement

Realisation in cooperation with FNAL Major goals should be reached at HERA restart (III/2001)

Nov 1, 2000 Site report DESY 5

LDAP and User registry

New LDAP version 3 servers installed (HH+Ztn) openldap 2.0.6, scheme with minor DESY enhancements Plans to have NIS functionality with LDAP (1 Linux box in

Zeuthen running already for one year with LDAP)

Plans to write (or purchase) a new DESY wide user registry goal: automation of account related system administration User registry should be base for LDAP, active directory and

further data collections

Nov 1, 2000 Site report DESY 6

Security update

DESY Certificate Authority created (9/2000) signed by DfN (German research network provider) two CA’s under the top level DESY CA first use for web (https) and mail (simap) servers

Very strict port filtering in WAN router (5/2000) ports only for encrypted protocols open (exceptions http, afs) opening of further ports only on well founded request reduction of scans observed, attack against computer with many

open ports seen, since then fewer exceptions from policy

Bastion hosts based on Mindterm ssh java applet in production for Hamburg, in test for Zeuthen

Nov 1, 2000 Site report DESY 7

Misc topics

Status batch system CODINE company Gridware acquired by Sun in July freely available for Solaris, other platforms to come source code will be put under open source code license (I/2001?) more infos under http://www.sun.com/gridware farms in Zeuthen and few linux boxes in Hamburg equipped with

Codine

Status trouble ticket system (Zeuthen) more than 4500 tickets resolved since May 1998 proved successful, only minor „social“ problems not related to

SW

Nov 1, 2000 Site report DESY 8

Misc topics (2)

Status of free precompiled software from TWW very responsive small company (The Written Word) security updates as fast as possible (sometimes before we heard

of the security holes) one package manager (pkg-inst) for ALL platforms new platforms Solaris 8, AIX 4.3.2, Digital UNIX 4.0A TWW tried to improve their distribution including feedback of my

talk at the HEPiXspring meeting we are willing to use TWW for more platforms, decision for

Hamburg site not yet taken

Experimental Kerberos 5 infrastructure (HH)

Nov 1, 2000 Site report DESY 9

Trends

Rise in compute power mostly Linux April:304(HH)+66(Ztn)Systems, Oct:446+80

Increasing number of Solaris boxes for service functions 127+27 --> 139+36

High and rising demands in storage capacity Luminosity upgrade for HERA in 2001 taking APEMille parallel computers into production

Decreasing number of System Administrators Increasing average age of Sysadmins