25
9-Apr-99 D.P.Kelsey, HTASC report 1 HTASC - Report to HEP- CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 (http://home.cern.ch/~eauge/htasc/public/)

9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

Embed Size (px)

Citation preview

Page 1: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 1

HTASC - Report to HEP-CCC

David Kelsey, RALd.p.kelsey@ rl.ac.uk

9 April 1999(http://home.cern.ch/~eauge/htasc/public/)

Page 2: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 2

HTASC #11 4th/5th March 1999, CERN

Agenda• Routine business

– including ‘Roundtable’ update

• Report from HEPNT group• Report from Security group• Y2k problem• Software licensing

Page 3: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 3

HTASC Membership

• Two new members– Ola Borrebaek (Norway)– Nicanor Colino (Spain)

• Still no participation from Austria, Finland, Greece, Portugal and Sweden

• HTASC #11– 15 members in attendance

Page 4: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 4

Roundtable update

• Essentially unanimous agreement– European network (TEN-155) is good– poor/unusable access to USA

• Some concern (privacy implications) about CERN’s monitoring of network traffic

• Network charging (CH by volume, HU by bandwidth, UK/transatlantic by volume)

• Increasing activity in Video Conferencing• Linux growing fast

– worries about support and user-managed systems

Page 5: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 5

HEPNT

Open Meeting: 2-4 Dec 98 (CERN)– http://hepntdays.web.cern.ch/hepntdays/home.htm

• successful first meeting– 67 participants from 11 countries (incl. USA and Canada)

• important themes– Installation, configuration and management– Windows 2000 (NT V5)– Security– UNIX/NT integration– File serving/sharing– HEP applications on NT

Page 6: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 6

HEPNT (2)

28/29 Jan 99: closed meeting (CERN)• WAN file sharing

– INFN proposal for WAN NT domain– Identified need for tests of RAS/PPTP over Internet– AFS/NT is the interim solution– WWW is likely to be the future

• Windows 2000 (NT5)– several test domains exist– more are coming (e.g. a CERN WG)– useful to collaborate on migration to Windows 2000

• Aim to complete web pages by June 99

Page 7: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 7

HEPNT (3)

• Future plans– HEPiX (14-16 April 99 at RAL)

• includes various NT talks

– 20/21 May 99 closed HEPNT (DESY-Zeuthen)• finalise web pages• review mandate (report back to HTASC/HEPCCC)• plans for Windows 2000

– joint HEPiX/HEPNT meeting (USA, Autumn 99)

• 2nd Open HEPNT meeting (1st in USA)

– Windows 2000 migration group?

Page 8: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 8

Security Group

• New group, created at last HEP-CCC• See next 7 slides from Tobias Haas

(chairman)• report delayed until June 99 HTASC

meeting

Page 9: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

4-Mar-99 HTASC security, Tobias Haas 9

Mandate

Draft Mandate of HTASC Computer/Network Security Subgroup

================================================

Advise HTASC/HEPCCC on Computer and Network Security needs and to suggest policies to meet those needs for HEP laboratories and institutes by

• defining computer/network security guidelines for HEP institutions,

• estimating the resources needed to implement such guidelines,

• suggesting means of communication between the institutions in case of security incidents.

Page 10: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

4-Mar-99 HTASC security, Tobias Haas 10

Membership(updated)

• A. Flavell (UK)

• J. Gamble (CERN)• T. Haas (Germany/Chair)• J. Kadlecsik (Hungary)• W. Niepraschk (Germany/DESY)

to be confirmed...

• R. Cowles (SLAC)?

• B. Perrot (LAL, Orsay)?

• E. Wassenar (NIKHEF)?

Page 11: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

4-Mar-99 HTASC security, Tobias Haas 11

Schedule

• Report to March HEPCCC.• Delayed by Chairman’s fault.• Plan now:

– get going during this meeting– circulate draft recommendation soon after– finalize asap.

Page 12: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

4-Mar-99 HTASC security, Tobias Haas 12

Basic Ideas

• General Awareness• Scope of Security• Summarize activities in various

labs/universities• Extract common

trends/recommendations

Page 13: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

4-Mar-99 HTASC security, Tobias Haas 13

Organizational Issues

• Management Support– responsibilities

• coordination team• expert team

– policy– personnel issues

• National Specialties • National/International Support

Page 14: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

4-Mar-99 HTASC security, Tobias Haas 14

Technical Issues

• Firewalls • Monitoring• Different Operating Systems• Examples for general good practice

– passwords– file protections

• Hot Topics

Page 15: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

4-Mar-99 HTASC security, Tobias Haas 15

Emergency Procedures

• WWW– When?– Who?– What?

Page 16: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 16

Y2k problem

• brief discussion at HTASC #10 and last HEPCCC

• Lab infrastructure is assumed to be under control - if not, already too late!

• HTASC is concerned with the experimental collaborations

• Wolfgang Tejessey (Y2k coordinator for CERN/EP) told us about CERN’s Y2k work

• See Wolfgang’s slides (below)

Page 17: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 17

Y2k problem(2)

• HTASC was impressed by the work under way at CERN

• There seems to be nothing similar at DESY– HERA will run over the 1999/2000 rollover!

• Many experiments have done a lot of work• But… no room for complacency• Should continue to raise awareness (aim for

100%)– particularly at DESY?

• Requiring documentation (e.g. web) makes collaborations consider the problem

Page 18: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 18

Y2k problem(3)

HTASC recommends…HEP-CCC should continue to remind HEP

experiments:• It is their duty to analyse and fix Y2k problems.• They should document their strategy and

decisions. Highest priority to be given to matters of ‘safety’ and mission-critical items.

• should include detailed 99/00 roll-over plans (shutdown, startup, availability of experts etc.)

• Contingency plans should be made for mission-critical items

Page 19: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 19

Software licensing

HTASC discussion...• HEP has decided to use more commercial

software.• Computer hardware is getting cheaper.• BUT, commercial software costs are high! • Many, particularly poorer institutes, find that the

costs are too large, both for initial licenses and ongoing maintenance, when not centrally funded

• It used to be relatively easy to buy expensive hardware, but it is much more difficult to obtain funding for software!

Page 20: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 20

Software licensing (2)

Some examples (figures are only illustrative!):• NIKHEF PC’s recently installed at FNAL (D0)

– 3K NLG/PC (2K CHF/PC) for software package– includes 500 CHF for the KAI compiler

• Objectivity– $150k for 100 licenses (10% development)– $2.5k/user for a full development license (or 10KDM)

• LSF (batch)– recently become more expensive– $150/cpu (or 600 DM/cpu)– clients cost ~20% of server license

Page 21: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 21

Software licensing (3)

Consequences of these high costs...• Objectivity

– DESY (Hera) would like to use LHC++/Objectivity– investigating use of ROOT and JAS instead

• Batch systems– CERN (and other places) have chosen LSF to replace NQS– but high cost has resulted in Italy using Condor and IN2P3

developing something on top of NQS

• This causes problems for University groups having to support different experiments using different s/w

• The (hidden) costs of supporting multiple packages should be included in any cost/benefit analysis

Page 22: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 22

Software licensing (4)

• Discussion on GEANT4– Institutes & experiments have signed MOU (Jan99)– Those not signing will receive worse support and lower

priority for the development of specific needs– Some in HTASC were not happy about this– There was also a worry that GEANT4 may require some

components of LHC++, which may not be available

• To summarise (last three slides)– there is a great danger of splitting the

community• e.g. LHC++ for CERN experiments, but not for others

– there is room for coordination

Page 23: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 23

Software licensing (5)

HTASC recommends...• HEP should strive to find the funds for chosen

commercial software. A split between physicists having and not having access to the software must be avoided.

• All efforts should be made to make these standard packages affordable to everyone, including small institutes (HEP-wide deals, central funding etc.).

• The use of non-standard commercial software in HEP-developed packages should be discouraged.

Page 24: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 24

Future HTASC meetings

• 10/11 June, 1999 (NIKHEF)– Report from the Security group– Video conferencing

• 7/8 October, 1999 (CERN)– experience of ‘OO’ technology (e.g. BaBar)

and requirements for training– Networking issues, e.g. differentiated

services

Page 25: 9-Apr-99D.P.Kelsey, HTASC report1 HTASC - Report to HEP-CCC David Kelsey, RAL d.p.kelsey@ rl.ac.uk 9 April 1999 ( eauge/htasc/public/)

9-Apr-99 D.P.Kelsey, HTASC report 25

Summary

• HTASC invites HEP-CCC to take note of recommendations – on Y2K– on Software licensing