Site Report

Stephan WiesandDESY -DV -

May 24, 2004

Platforms

Windows

XP replacing NT4 and 2k on desktops & machine controls

new server installations are Windows 2003 Server

Solaris/SPARC: 2.6 - 9 (mainstream: 8)

last Solaris/x86 to go this year

Linux/x86

DL5 (SuSE 8.2) replacing DL4 (SuSE 7.2)

to come: Linux/amd64

HP-UX, IRIX: gone or scheduled to go; AIX: few servers

w/o central support: debian/x86, RedHat 7, some OS X ...

Windows

new domain win.desy.de in production since January

XP, 2003

migration from old domain in progress

more than 1000 accounts and 500 PCs exist in new domain

several smaller groups already migrated completely

largest group of Windows users (Hasylab) started in April

Samba Server migrated to 3.02

other groups begin with smaller work groups or projects

Samba 3.02 print server is a domain member

Linux

DL5 (SuSE 8.2) rollout in progress (25% done)

support for base distribution ends April 2004

9.0 patches will help for another 6 months

successor - better: continuation - needed early next year

DL5 is most likely the last DESY Linux based on SuSE

if a common HEP distribution with long lifetime is available and affordable, that's what we'll use

started looking at Scientific Linux

thanks to Fermilab for providing this!

current version seems very compatible with DL5 (for users)

purchase of licenses is an option - if price/value ratio ok

Linux/amd64

aka ia32e aka x86_x64

first test system is a success

IBM eServer 325, 2 x Opteron 246 (2.0 GHz), 4 GB RAM

SuSE 9.0 Professional/amd64

performs superior to fastest Xeon Systems (3.2 GHz)

except FP

ROOT applications especially fast, benefit from 64bit mode

deployment of a small number of production systems soon

seamless integration is relatively easy

concern: cernlib dependency locks users into 32bit past

GRID

participation in D-GRID and EGEE

DESY Grid Testbed2 in operation, see http://grid.desy.de

complete LCG2 site, including RB and BDII

Grid Testbed2

operated in Hamburg on Red Hat 7.3.3 systems

includes nodes in Zeuthen, running on DL5

running: WN, CE, UI; in preparation: SE, RB

data management service includes SRM and GridFTP

SE with dCache backend developed & being tested

resources are included in LCG2 head site at CERN

D-GRID partners are using DESY's ResourceBroker

DESY is Tier 0 and Tier 1 center for HERA

VOs exist for the active HERA experiments, linear collider activities, international lattice data grid

Security

rules for individually maintained systems are in effect now

regular scans from outside our firewall

of all hosts with any port open through firewall

for open ports and known vulnerabilities

by commercial service provider

access to mail servers now by imaps only

got rid of clear text protocols pop and imap

automated deployment of patches

linux, old NT domain (netinstall), new XP domain (SUS)

policies still evolving

Security continued

due to recent sasser threat, manually checked ALL notebooks brought on site for two days

only a few systems got infected

increased update frequency for virus signatures

update server: hourly, client: every three hours

a few users were tricked into installing Bagle.J

lesson: treat encrypted attachments like executables, and quarantine them

firewall now inhibits outgoing SMTP, except for approved mail servers

imagine all sites and providers did that

Mail & Groupware

MS Exchange 2003

only candidate for a DESY-wide central service

planning integration into new windows domain

may also become the solution for Linux/Unix users

evaluating Exchange Connector for Ximian Evolution

but has many requirements

library versions not available from distributions (incl. SL3)

deployable without red carpet ?

no successful test installation yet

consolidation of mailing list administration

will move from PMDF to Sympa, for whole lab

Web Office

support for any DESY group providing web content

centrally supported servers

setup with load balancing & failover

full access to backend services like oracle

Zope application server

ZMS content management system

instantiation of new virtual sites within minutes

including structure and design

Disk Storage

HP MSA 1000

systems installed in Hamburg & Zeuthen

used for Windows home directories

experience is good, system is easy to handle

performance problems for NT4 Clients to W2K3 server

probably not the devices fault...

StorageTek D178

systems installed in Hamburg & Zeuthen

not without flaws

several downtimes (planned & unplanned) during past year

FC, SAN & $$ no guarantee for availability

Disk Storage (medium grade)

continuous demand for high volume affordable storage

dCache read cache; MC/data accessible by NFS, AFS, CIFS

no way to provide this but IDE-RAID

past: 3ware Escalade (still used in workgroup servers)

now moving to SCSI/FC attached subsystems

Infortrend IFT6xxx, more recently: EonStor A16xx (SATA)

better MTBF of disks (due to lower vibrations ?)

EonStor teething problems (still frequent firmware upgrades necessary, controller chip data corruption issue in 2003)

dCache still detects data corruption at 1E-12 level

first linux AFS fileservers with O(TB) partitions/volumes

Miscellaneous News

batch: SGE(EE)

test installation in Hamburg is up (production is LSF)

has been in production on common farm in Zeuthen for years

now running with krb5 integration (through arcX)

acron/arc successors from two student projects available

k5cron (Hamburg) & arcX (Zeuthen) - see talk by W. Friebel

draft of common usage regulations well advanced

planning an infiniband evaluation cluster for this year

new 155Mb/s connection Hamburg-Zeuthen with flat fee

allows projects impossible before (alas, still no redundancy)