Transcript Site Report Stephan Wiesand DESY -DV May 24, 2004 Platforms Windows XP replacing NT4 and 2k on desktops & machine controls new server installations are.

Site Report
Stephan Wiesand
DESY -DV May 24, 2004
Platforms
Windows
XP replacing NT4 and 2k on desktops & machine controls
new server installations are Windows 2003 Server
Solaris/SPARC: 2.6 - 9 (mainstream: 8)
last Solaris/x86 to go this year
Linux/x86
DL5 (SuSE 8.2) replacing DL4 (SuSE 7.2)
to come: Linux/amd64
HP-UX, IRIX: gone or scheduled to go; AIX: few servers
w/o central support: debian/x86, RedHat 7, some OS X ...
Windows
new domain win.desy.de in production since January
XP, 2003
migration from old domain in progress
more than 1000 accounts and 500 PCs exist in new domain
several smaller groups already migrated completely
largest group of Windows users (Hasylab) started in April
Samba Server migrated to 3.02
other groups begin with smaller work groups or projects
Samba 3.02 print server is a domain member
Linux
DL5 (SuSE 8.2) rollout in progress (25% done)
support for base distribution ends April 2004
9.0 patches will help for another 6 months
successor - better: continuation - needed early next year
DL5 is most likely the last DESY Linux based on SuSE
if a common HEP distribution with long lifetime is available
and affordable, that's what we'll use
started looking at Scientific Linux
thanks to Fermilab for providing this!
current version seems very compatible with DL5 (for users)
purchase of licenses is an option - if price/value ratio ok
Linux/amd64
aka ia32e aka x86_x64
first test system is a success
IBM eServer 325, 2 x Opteron 246 (2.0 GHz), 4 GB RAM
SuSE 9.0 Professional/amd64
performs superior to fastest Xeon Systems (3.2 GHz)
except FP
ROOT applications especially fast, benefit from 64bit mode
deployment of a small number of production systems soon
seamless integration is relatively easy
concern: cernlib dependency locks users into 32bit past
GRID
participation in D-GRID and EGEE
DESY Grid Testbed2 in operation, see http://grid.desy.de
complete LCG2 site, including RB and BDII
Grid Testbed2
operated in Hamburg on Red Hat 7.3.3 systems
includes nodes in Zeuthen, running on DL5
running: WN, CE, UI; in preparation: SE, RB
data management service includes SRM and GridFTP
SE with dCache backend developed & being tested
resources are included in LCG2 head site at CERN
D-GRID partners are using DESY's ResourceBroker
DESY is Tier 0 and Tier 1 center for HERA
VOs exist for the active HERA experiments, linear
collider activities, international lattice data grid
Security
rules for individually maintained systems are in effect now
regular scans from outside our firewall
of all hosts with any port open through firewall
for open ports and known vulnerabilities
by commercial service provider
access to mail servers now by imaps only
got rid of clear text protocols pop and imap
automated deployment of patches
linux, old NT domain (netinstall), new XP domain (SUS)
policies still evolving
Security continued
due to recent sasser threat, manually checked ALL
notebooks brought on site for two days
only a few systems got infected
increased update frequency for virus signatures
update server: hourly, client: every three hours
a few users were tricked into installing Bagle.J
lesson: treat encrypted attachments like executables, and
quarantine them
firewall now inhibits outgoing SMTP, except for approved
mail servers
imagine all sites and providers did that
Mail & Groupware
MS Exchange 2003
only candidate for a DESY-wide central service
planning integration into new windows domain
may also become the solution for Linux/Unix users
evaluating Exchange Connector for Ximian Evolution
but has many requirements
library versions not available from distributions (incl. SL3)
deployable without red carpet ?
no successful test installation yet
consolidation of mailing list administration
will move from PMDF to Sympa, for whole lab
Web Office
support for any DESY group providing web content
centrally supported servers
setup with load balancing & failover
full access to backend services like oracle
Zope application server
ZMS content management system
instantiation of new virtual sites within minutes
including structure and design
Disk Storage
HP MSA 1000
systems installed in Hamburg & Zeuthen
used for Windows home directories
experience is good, system is easy to handle
performance problems for NT4 Clients to W2K3 server
probably not the devices fault...
StorageTek D178
systems installed in Hamburg & Zeuthen
not without flaws
several downtimes (planned & unplanned) during past year
FC, SAN & $$ no guarantee for availability
Disk Storage (medium grade)
continuous demand for high volume affordable storage
dCache read cache; MC/data accessible by NFS, AFS, CIFS
no way to provide this but IDE-RAID
past: 3ware Escalade (still used in workgroup servers)
now moving to SCSI/FC attached subsystems
Infortrend IFT6xxx, more recently: EonStor A16xx (SATA)
better MTBF of disks (due to lower vibrations ?)
EonStor teething problems (still frequent firmware upgrades
necessary, controller chip data corruption issue in 2003)
dCache still detects data corruption at 1E-12 level
first linux AFS fileservers with O(TB) partitions/volumes
Miscellaneous News
batch: SGE(EE)
test installation in Hamburg is up (production is LSF)
has been in production on common farm in Zeuthen for years
now running with krb5 integration (through arcX)
acron/arc successors from two student projects available
k5cron (Hamburg) & arcX (Zeuthen) - see talk by W. Friebel
draft of common usage regulations well advanced
planning an infiniband evaluation cluster for this year
new 155Mb/s connection Hamburg-Zeuthen with flat fee
allows projects impossible before (alas, still no redundancy)