The Traveling Scientist Problem
Tobias Haas
DESY Computing Seminar
19 May 2003



This Talk

• Context
  – HEPCCC, HTASC and all that
• What is the “The Traveling Scientist Problem”
• HTASC survey/discussion
• HTASC/HEPCCC recommendations
• Some remarks
• Conclusions

Credits

• Manuel Delfino:
  – “People-centric environments”
• Irwin Gaines:
  – “Traveling Physicist Problem”
• HTASC members and in particular Jorge Gomes:
  – User survey

HEPCCC/HTASC

• High Energy Physics Computing Coordination Committee (HEPCCC):
  – Brings together major HEP computing sites from the CERN member states at directors level. (Includes observers from US and Asia)
  – Reports to ECFA
  – Tasks:
    • Discuss organisation, co-ordination and optimisation of computing in terms both of money and personnel, e.g. common research proposals to the EU
    • Information exchange
  – http://tilde-djacobs.home.cern.ch/~Djacobs/Hepcccw3

HEPCCC Recent Agenda Items

• Computing for QCD calculations
• Computing for COMPASS
• Computing for BELLE
• Future computing needs for non-accelerator-based experiments
• The Lyon biology grid project
• Status and plans for the GridKA
• Status of US/CMS computing
• Status of the Tier-1 center in the UK
• European networking
• The “Traveling Physicist” problem

HTASC

• HEPCCC Technical Advisory Subcommittee
  – Advises HEPCCC on technical issues
  – Representatives from CERN member states
  – http://htasc.pi.infn.it/

Members:
  Austria: Gerhard Walzel
  Belgium: Rosette Vandenbroucke
  CERN: Jürgen Knobloch
  Czech Republic: Milos Lokajicek
  Scandinavia: Björn Nilsson
  France: Francois Etienne
  Germany: Rainer Mankel
  Greece: Emmanuel Floratos
  Hungary: Jozsef Kadlecsik
  Italy: Francesco Forti
  Netherlands: Els de Wolf
  Norway: Ola Borrebak
  Poland: Grzegorz Polok
  Portugal: Jorge Gomes
  Slovakia: Peter Chochula
  Spain: Nicanor Colino
  Switzerland: Christoph Grab
  UK: Allen Flavell

Observers:
  US: Irwin Gaines
  Japan: Setsuya Kawabata

Chairman:
  Tobias Haas

HTASC Recent Agenda Items

• Nordunet/Nordugrid,
• Computer and network security,
• W2K/WXP migration,
• Video conferencing,
• LCG application domain,
• PASTA III report,
• Babar computing,
• “Traveling Physicist Problem”

The Problem

• Despite the fact that technology facilitates user to user communication, people still travel.
  → this will not change
• When people travel, they expect to be able to access computing services, at various levels.
• The general perception: This is difficult!
• Why?

Why?

• Incompatible technical standards
  – e.g. Electrical plugs
  – e.g. Telephone plugs
  – e.g. wireless standards (French WLAN cards do not work in Switzerland)
• Incompatible policies
  – Competing/Incompatible authentication mechanisms,
  – Widely varying security standards.

→ Lack of Coordination

[Figure; surviving labels: USA, GERDEN, SWI]

A “Gedanken” Obstacle Course for Traveling Physicists…

Disclaimer

Even though names and places have been changed, the following has been taken from the real experiences of real people traveling to real places, trying to do real work!

Obstacle 1:

Just arrived at CERN for a meeting but unfortunately forgot what room it takes place in:
→ Check the invitation in your email!

Handicap: You have no laptop!

Traveling without a laptop: logon to DESY

• This should be the simplest thing to ask… but
  – How do you get access to a public workstation at CERN?
    ☺ CERN has public access workstations in front of the User’s office…
    😐 … but you need a NICE2K login …
    ☺ find that old friend of yours and use his office + computer …
  – Most labs require ssh (CERN only recommends)
    ☺ Everybody has ssh nowadays! right!?
  – But… is it the right version and has it not been hacked?
    ☺ Use DESY’s wonderful bastion web site
    ☹ … bastion does not work on his Mac

Obstacle 2:

You are at SLAC and would like to send an email. (You did bring a laptop)

Handicap: You are using imap and a reasonable mail client (netscape, mozilla or outlook express!)

Traveling with a laptop: trying to send mail via mail.desy.de

• You have successfully connected your laptop to the local network ☺
• You can read your mail ☺
• Now you try to send a mail:
  – mail.desy.de stubbornly refuses to send mails ☹
    😐 Local experts hint that this is probably a security feature!
    😐 … you might logon to DESY and use pine …
    😐 … unfortunately you have not used pine in years and have gotten used to the ease and comfort of a modern mail client
    😐 … you grudgingly decide to use pine
    ☹ A week later after you get home you realize that you have no record of the emails you sent.

Obstacle 3:

Just arrived at SLAC for a seminar and you realize that your talk which you prepared well in advance does not seem to be on your laptop even though you checked twice before leaving DESY.

Handicap: You are using Windows and you routinely store your documents on drive h: (which has backup!)

Traveling with a laptop: trying to access Windows file systems

• You have successfully connected your laptop to the local network ☺
• Now try to access data on drive h:
  – Your laptop does not find the network drive ☹
    😐 Local experts hint that this is probably a security feature, because windows file protocols are blocked at the firewall almost everywhere!!!
    😐 … experts suggest that somebody at DESY should copy the file to AFS …
    😐 … unfortunately, almost everybody at DESY is asleep …
    😐 … but you remember that a friend of yours happens to be on night shift in the ZEUS control room – you call and ask him a favor.
    ☹ Unfortunately, much too late you realize that your AFS client is not working either!!!!

Obstacle 4:

You ordered a brand new shiny lightningly fast DSL connection to be able to prepare conference talks at home. Unfortunately after spending 2 weekends getting it to work you realize that everything you could do at DESY over your old sluggish ISDN connection does not seem to work any more.

Handicap: You are not an expert on firewalls, IP mimicry, PPPoIP, etc…

Working from home over DSL: trying to access DESY resources

• You have successfully configured your PC and your DSL line ☺
• Now try to access DESY resources:
  – access files on AFS ☹
  – send mail via mail.desy.de ☹
  – browse internal DESY web pages ☹
  – Print on DESY printers ☹

😐 DESY experts tell you that you are trying to connect from a ‘hostile’ network and are therefore blocked at the firewall.

☹ You don’t understand why DSL is different from ISDN and decide to give up and use ISDN to connect to DESY

Obstacle 5:

As a ZEUS collaborator from the US you come for a collaboration week and you would like to print out the most recent version of a paper to read in the evening in your apartment.

Handicap: You arrive on Sunday evening and you have an editorial board on Monday morning.

Coming to DESY with a laptop: trying to print

• You have forgotten your DESY passwords ☹
• Now try to print from your laptop which is connected to the DESY network:
  – You don’t know the name of the print server ☹
  – … even if you did … since your new laptop is not registered at DESY, the printserver would not allow you to print ☹
  – You will not get it registered in time ☹

😐 You go to the DESY guest house hoping that they may have installed a wireless network there.

☹ Unfortunately, you don’t know that you could have gone to the canteen/bistro

Many more obstacles

• Working from a hotel room,
• Dealing with different identities:
  – Member of different experiments, labs, working groups, etc…
• Remembering all those passwords,
• Hosting web pages or mailing lists
• …

Questions in this Context

• Access to IT resources
  – Mail, Webspace, printing, network, CPU cycles, storage, SW binaries/licences, document services, etc…
• Authentication
  – Identification, technology, signon, access
• Trust

Scope Definition

• HEP is not an organizational entity like a global corporation but a loosely bound conglomerate of individuals (and institutions?) with a common interest and without well defined borders and without a constitution
• HEP laboratories and HEP experiments are well defined entities with well defined borders and constitutions
• From the point of view of individuals, laboratories and experiments overlap!
• Can a HEP “virtual organization” be constructed?

HEP Virtual Organization?

• Questions:
  – What is the common denominator?
  – Who are the players? (Individuals, labs, countries, finance agencies?)
  – Who is going to provide the resources?
  – Technology?
  – Is it actually needed?

Simplify: The Traveling Physicist

• Term coined by Irwin Gaines
• Separate from GRID computing
• Everybody has a home institution
• IT resources available at home institutions are typically very good
• … access to the resources is often difficult …
• Collaboration/coordination between different HEP sites can improve the situation!

→ Starting point of HTASC Discussion

HTASC Discussion

XXIII HTASC Meeting – CERN March 2003

LIP and the Traveling Physicist

Jorge Gomes
LIP - Computer Centre


The user opinion

Remote access

– Users want access to resources from:
  • Universities and other institutes
  • Conferences
  • Home (through ADSL and Cable)
  • Hotels
  • Airports
– Using:
  • Their portables (everybody has one)
  • Local workstations and terminals

Arriving at a site with a portable

– User complaints:
  • Network configuration
    • Different site policies (such as portable registration).
    • Some sites still don’t have DHCP.
  • Physical network
    • Lack of network sockets for portables.
    • Wireless networking coverage is often bad.
      • Why doesn’t CERN have WLAN at the Foyer ???
  • Power
    • Sometimes the power plugs don’t fit in.
    • Most conference rooms lack power outlets.

Arriving at a site with a portable

– User complaints:
  • Mail usage
    • Home SMTP servers are closed because of SPAM.
    • Access to the home mail server can be difficult without web mail.
    • Obtaining the name of the local SMTP gateway can be a problem and requires reconfiguration of the mail agent.
  • Different print environments
    • In some sites special packages must be installed.
    • Installation of drivers in Windows, Linux and Mac.

Arriving at a site without a portable

– User complaints:
  • Workstations
    • Need of a local account to use an existing workstation (even public).
    • Different accounts at each site.
    • Lack of public workstations for guests.
    • SSH and SCP is not installed everywhere.
      • Affects login, file copy and X applications.
    • X servers not available in some public PCs
  • Network
    • Most sites don’t accept telnet ☺
      • This is a problem with the old X terminals

Generally

– User complaints:
  • X being slow across sites.
    • SSH compression doesn’t work when privilege separation is enabled.
  • Access to the home directory without AFS is difficult.
  • Differences in the commands available at the several sites.
  • Problems with powerpoint compatibility across sites.
  • Difficulties in transferring files namely when using portables.
  • Access to systems behind firewalls.
  • Certificates and CAs not recognized everywhere (affects webmail).

Recommendations

– WEBMAIL is essential when travelling.
– Things that should be available at all institutes:
  • Wireless LAN
  • Power outlets
  • DHCP
  • SSH and SCP
  • PS printers available through LPD
  • Public workstations for guests
  • Web page with information for travellers on how to use the local resources

HTASC Discussion Results

• The Traveling Physicist is an everyday reality
• …but life of the traveling physicist is surprisingly hard …
• Everybody agrees on the problems but erects different individual stumbling blocks.
• Life could be made a lot easier if the key players (labs, institutes) provide a standard set of services AND documentation on how to use them

HTASC Recommendations

• Standard services to be provided for the “Traveling Physicist”:
  – Wireless LAN (e.g. guest houses/hostels)
  – VPN
  – Power outlets in seminar rooms
  – DHCP
  – SSH and SCP
  – WEBMAIL interface
  – Authenticated SMTP service
  – Access to print services for guests
  – Public workstations
  – Redundancy
  – Documentation in standard location on the WEB

Comments on WLAN

• Wonderful thing
• … but coverage varies …
  ☹ CERN: very poor (e.g. only some conference rooms, no WLAN in cafeteria, hostel, etc…)
  😐 DESY: fair (all conference rooms, cafeteria, but not in the guest houses)
  ☺ SLAC: excellent, almost everywhere

😐 There is a security concern: WLAN can be easily sniffed

Comments on VPN

• VPN = “Virtual Private Network”
• Establishes an encrypted channel between a machine on a ‘hostile’ network and the DESY intranet

☺ … as if at DESY …
☹ Very sensitive to network instabilities (machine hangs!)
☹ Some sites concerned about security
☹ One more PW

Comments on DHCP

• DHCP = ‘Dynamic Host Configuration Protocol’
• No fiddling with IP numbers

☹ Network interface needs to be registered to get on the INTRANET
☹ Multiple interfaces on one machine sometimes pose a problem
☹ Interesting effects in combination with wireless (same address allocated more than once)

Comments on SSH and SCP

• Use of ssh should be without question…

😐 … client situation on windows is less than optimal (e.g. no built-in client in XP)
😐 … but not everybody requires it (e.g. CERN still only recommends). Hence, not every machine has clients.
😐 … even ssh is not foolproof.

WEBMAIL

Conclusions

• The traveling scientist is an everyday reality,
• The general level of support is still only in its infancy,
• This causes a great level of inefficiency and frustration,
• In most cases the causes of inefficiency and frustration are organizational rather than technical. This requires organizational solutions, i.e. coordination
• A modest first step has been made by HTASC/HEPCCC in this direction.
• Let’s see what comes of it…