WORLD METEOROLOGICAL ORGANIZATION
TECHNICAL OPTIONS OF COMPUTERIZED WORLD WEATHER WATCH BASIC SYSTEMS AT NMCs IN RA I
prepared by
E. NYONI (Data Processing Consultant, Dar-es-Salaam, Tanzania)
July 2000
Secretariat of the World Meteorological Organization - Geneva - Switzerland
NOTE
The designations employed and the presentation of material in this publication do not imply the expression of any opinion whatsoever on the part of the Secretariat of the World Meteorological Organization concerning the legal status of any country, territory, city or area, or of its authorities, or concerning the delimitation of its frontiers or boundaries.
The report has been produced without editorial revision by the WMO Secretariat. It is not an official WMO publication and its distribution in this form does not imply endorsement by the Organization of the ideas expressed.
Table of Contents
1. INTRODUCTION
2. DATA COMMUNICATION TECHNOLOGIES
2.1 Networking
2.1.1 The OSI Model
2.1.1.1 Connection Services: Layers 1-2
2.1.1.2 Transport Services: Layers 3-6
2.1.1.3 Applications Services: Layer 7
2.1.2 Network Classification
2.1.2.1 Geographical Area Coverage
2.1.2.2 Resource Distribution
2.2 The WMO GTS
2.2.1 Satellite-based Platform
2.2.2 Ground-based Platform
2.3 The Internet
2.3.1 Internet Resources
2.3.2 Resource Transport
2.3.2.1 IP Address
2.3.2.2 Domain Name
2.3.2.3 Universal Resource Locator (URL)
2.3.3 Resource Storage
2.3.3.1 Server Type
2.3.3.2 Server Connection to Internet
2.3.4 User Access to resources
2.3.4.1 Dial-up Terminal-Type Connection
2.3.4.2 Dial-up TCP/IP Connection
2.3.4.3 Connection Over Internet Network
2.4 Internet Security
2.4.1 Cryptographic
2.4.2 Firewall
2.4.2.1 Proxy Servers
2.4.2.2 Routers
2.4.3 Physical Isolation
2.4.4 Protocol Isolation
2.4.5 Protocol Isolation with Server Replication
2.4.6 Multi-homed System with Routing Disabled
2.4.7 Tunnelling Through the Internet
3. SYSTEM VISION
3.1 System Concept
3.2 Considerations
4. SYSTEM DESIGN
4.1 Communication Link Sub-System
4.1.1 Satellite Communication Links
4.1.2 Terrestrial Communication Links
4.1.3 The X.25 and IP Protocol
4.1.4 The Role of Internet in the GTS
4.1.4.1 Application of Internet Technology within GTS
4.1.4.2 The GTS Completely turned over to Internet
4.1.4.3 A Mix of GTS and Internet
4.2 The AMSS Sub-System
4.2.1 AMSS Data/Products Reception
4.2.2 AMSS Data/Products Transmission
4.3 Database Management System (DBMS)
4.4 Products Generating System
4.4.1 The Plotting Module
4.4.2 The Climatological and Database Management Module
4.4.3 The Media Module
4.4.4 Operational Weather Forecasting Module
4.4.5 Numerical Weather Prediction (NWP) Module
4.4.6 Internal Internet Web Server Module
4.5 Protecting The GTS
5. THE RECOMMENDED COMPUTERIZED DATA HANDLING SYSTEM
5.1 The Basic Computerized GDPS System
5.1.1 Hardware
5.1.2 Software
5.1.3 DBMS system
5.1.4 Training
5.2 Migrating Towards The Desirable GDPS System
5.2.1 The GTS Circuits
5.2.2 The Application sub-system
5.3 The Basic Internet System
5.4 The Desirable Internet Connection
5.5 Remote Access Services (RAS)
6. COSTS
7. TRAINING
8. CONCLUDING REMARKS
9. REFERENCES
10. ANNEXES
Annex 1 The Basic NMC Computerized Data Handling System
Annex 2 A Simple Remote Access Services (RAS) Configuration
Annex 3 The Desirable NMC Computerised Data Handling System
Annex 4 The Multi-User Dial-up Internet System
Annex 5 The Desirable Internet System
Annex 6 Estimated Costs of Typical Packages
Annex 7 PC System Specifications
Annex 8 Some OSI Model Implementation
1. INTRODUCTION
For the NMCs to carry out their work they need data and/or products. The data is obtained from their national observing stations, the Regional Telecommunication Hubs (RTHs), meteorological Satellites and through bilateral arrangements with neighbouring NMCs and other Institutions. The products are mainly received via meteorological satellites but can also be received via fax and Internet.
The data so collected is quality controlled and further processed to produce national products. The national collectives are also injected into the WMO Global Telecommunication System (GTS) for onward transmission to the RTH and/or other NMCs. Products prepared by the NMCs may also be communicated to national “zonal offices.” With regard to received products, the NMC would further process these to derive value-added products which are used at the NMC and at its zone offices.
In pursuit of carrying out these functions, NMCs in RA I have, over the years, invested heavily to implement a robust operational regional data handling infrastructure - an infrastructure which includes the data observing system, data collection, telecommunications and data processing facilities. The returns that the National Meteorological Centres (NMCs) expect from this investment include the timely preparation of national products from local data and/or imported products to service the national needs, and the capacity to transmit or re-transmit such data and/or products to other NMCs.
However, national and international requirements are constantly expanding in volume and sophistication; the NMCs have to respond to these changes, national financial constraints notwithstanding, by further investments in:
- Observational network expansion
- Data and products transmission capacity
- Data and products handling
The twelfth Session of RA I (Arusha, 14-23 October 1998) tasked the Working Group on Planning and Implementation of the World Weather Watch (WWW) with, among other things, the following:
- Review of the Regional Telecommunication Networks (RTNs), and monitoring their implementation and operation.
- Monitoring the status of implementation and operation of Regional Data-processing Centres, emerging Centres and National Meteorological Centres, including pilot projects on computerization.
Pursuant to these tasks, this report provides a detailed specification for the organizational and implementation aspects of the GDPS infrastructure at NMCs in RA I. It includes suggestions of cost-effective systems for the modernization of data processing facilities, related telecommunication interface facilities for data collection, quality control of data, and post-processing of imported products to generate value-added products meeting the requirements of national and other users.
2. DATA COMMUNICATION TECHNOLOGIES
Presently meteorological data/products can be communicated between centres using the GTS or the Internet.
2.1 Networking
A network is a collection of computers and other devices, along with the cabling, the network interface controllers inside the computers, and the software.
The principal aim of networking is to share data and information resources. The WMO GTS has the same main function of ensuring global sharing of meteorological data and information. The Internet is also a data/information sharing system. It seems natural therefore to briefly discuss networking before discussing the GTS and the global network of networks (the Internet), and how the GTS can interact with the Internet and benefit from its technology.
List of some network hardware and peripherals:
- Computers: PCs, Workstations, Clients, Servers, etc.
- Printers of different types
- Cash Registers and Point of Sale Devices
- Cables and wires, fibre optics, Microwaves, etc.
- Hubs, Routers, Gateways, Terminal Servers, Modems, etc.
Two principal types of network software:
a. Network Operating Systems (NOS)
- Novell NetWare
- Windows NT
b. Network Applications (2 types)
- Pure Network Applications, which include E-mail, FTP (File Transfer Protocol), Terminal Emulation, Web Browsers
- Stand-alone Network Applications, which include Word processing, Spread sheets, Databases, etc.
2.1.1 The OSI Model
If every network vendor were to build a network in its own way, the situation would be extremely complicated and chaotic. The International Standard Organisation (ISO) proposed a model in which network communication is divided into seven (7) layers. The model is called the Open System Interconnection (OSI) model, and it provides a framework and guidelines for network communication. The philosophy of “divide and conquer” is used in this system: the complicated system is divided into smaller manageable layers. There is a set of rules that has to be followed to implement any of the layers, called PROTOCOL specifications. The rules are like house drawings which, if given to different contractors, will result in similar but not identical houses. The drawings are the protocols and the houses are implementations of the protocols. The functions of the layers are summarized in Annex 8.
The 7 layers of the OSI model are sometimes grouped into 3 broad categories based on the broad functionality or services they offer. These are:
- Connection Services: Layers 1-2
- Transport Services: Layers 3-6
- Application Services: Layer 7
2.1.1.1 Connection Services (Layers 1 – 2)
This group is concerned with how information gets from one computer into the network connection medium (e.g. cable) and how the information moves from the medium into the computer at the other end. The implementation rules (protocols) for these two layers have to consider:
- Types of transmission media
- Data transmission rates in the media
- The physical layout of the media and devices – topology
- Methods to access various media
There are a number of sets of protocols to which vendors can adhere when designing the connection services, such as the IEEE (Institute of Electrical and Electronic Engineers) suite, Ethernet, Token Ring, ARCNET, etc. A good understanding of these sets of protocols requires some basic knowledge of the four considerations upon which the rules are based:
a. Medium Types (Types of transmission media)
Data can be transmitted using either bound or unbound medium.
Bound Media is based on cable of many different types, such as thin coaxial, thick coaxial, optical fibre, etc.
Unbound Media is based on air and implementations including microwave, laser, infrared and radio.
There are many factors in determining which medium implementation should be used. In a Local Area Network (LAN) cabling would be used, but to connect two LANs which are far apart, microwave could be chosen. Different accessories are required to build networks and interconnect them, e.g. hubs, repeaters, connectors, terminal plugs, modems, routers, etc., which all go into preparing the road on which data will travel.
b. Transmission Data Rates (Data transmission rates in the media)
How much data can be transmitted:
- From one device to another over the medium/cable
- Between networks connected in a Wide Area Network (WAN)
- Over the Internet.
It could be as little as a few thousand bits per second or as much as hundreds of millions of bits per second. In the Internet situation the “last longest mile” phenomenon is the most speed-restricting factor for end users. It should also be remembered that graphic files are generally huge and require high data transmission speeds.
c. Network Topologies (The physical layout of the media and devices)
Describes the physical layout of the network medium and attached devices. The layouts illustrated are:
- Star
- Bus
- Ring
- Mesh
[Figure: diagrams of the Star (with HUB), Bus, Ring and Mesh topologies; DVC = Device]
d. Access Methods (Methods to access various media)
Access methods are the rules that govern how the various devices that make up the network communicate, either using a common medium or on point-to-point links.
Contention - CSMA/CD
CSMA/CD stands for Carrier Sense, Multiple Access with Collision Detection. This is an access method in which any device wishing to transmit data/products listens to the medium, and when it is idle the device transmits. If more than one device transmits at the same time, the data packets will collide to produce noise detectable by ALL network devices. Transmission will terminate and the transmitting devices will each choose a RANDOM time interval after which to retransmit the collided frame.
Token Ring
In this access method, the devices do not share a common medium but instead have point-to-point links which form a closed loop (ring). A special bit pattern called the TOKEN is generated and circulates on the ring, and a device can only transmit if it has the token.
Polling
In this system one computer designated as controller will poll the others to find out whether they have something to transmit.
Each of these access methods has its own advantages and disadvantages. Ethernet and Token Ring are very popular. Ethernet is the most common for small networks because it is cheaper.
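The CSMA/CD behaviour described above (listen, transmit when idle, stop on collision, retry after a random interval) can be followed in a small slotted-time simulation. This is an added example, not part of the original report; the binary exponential backoff window, the frame length in slots and all names are assumptions chosen for illustration, since the report only says the interval is random.

```python
import random


def simulate_csma_cd(n_stations, seed=1, frame_slots=3,
                     max_exponent=10, max_slots=10_000):
    """Slotted-time CSMA/CD model in which every station has one frame to send.

    Returns (delivery_order, collisions). Assumptions for illustration: a
    frame occupies the medium for `frame_slots` slots, a collision is
    detected within one slot, and the random wait uses binary exponential
    backoff.
    """
    rng = random.Random(seed)                      # seeded so runs are repeatable
    ready_at = {s: 0 for s in range(n_stations)}   # slot at which each station wants to send
    attempts = dict.fromkeys(range(n_stations), 0)
    delivered, collisions, busy_until = [], 0, 0

    for slot in range(max_slots):
        if not ready_at:
            break                                  # every frame has been delivered
        if slot < busy_until:
            continue                               # carrier sensed: medium busy, stations defer
        senders = [s for s, t in ready_at.items() if t <= slot]
        if len(senders) == 1:
            # Exactly one transmitter: the frame gets through and holds the medium.
            station = senders[0]
            delivered.append(station)
            del ready_at[station]
            busy_until = slot + frame_slots
        elif len(senders) > 1:
            # Several stations found the medium idle and transmitted together:
            # all detect the collision, abort, and pick a random retry slot.
            collisions += 1
            for station in senders:
                attempts[station] += 1
                window = 2 ** min(attempts[station], max_exponent)
                ready_at[station] = slot + 1 + rng.randrange(window)

    if ready_at:
        raise RuntimeError("frames still pending after max_slots")
    return delivered, collisions


if __name__ == "__main__":
    order, hits = simulate_csma_cd(5, seed=7)
    print("delivery order:", order, "collisions:", hits)
```

Because all stations are ready in slot 0, the first slot always collides when there is more than one station; the random retry slots are what eventually separate the transmitters.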
There are many connection services protocols. The three most common protocols that many vendors use to implement the connection services (Physical and Data Link layers) of the OSI Model are:
The IEEE Protocol Suite
The Institute of Electrical and Electronic Engineers (IEEE) developed the so called “802 Series” protocol suite which deals with the Physical and Data Link layers. The 802 series has several components, 802.2 through 802.5.
Ethernet (standard)
- All attached devices operate independently (peer to peer)
- All devices are attached to a shared medium (bus)
- Medium access control is by CSMA/CD
- Various kinds of Coaxial cables are used
Ethernet is considered simple, fairly robust and inexpensive, and is therefore the most popular. Ethernet resembles the IEEE 802.3 standard in many ways.
Token Ring (standard)
- Does not have a shared medium; each device is connected to the next one in a ring formation
- Has a controller to manage the token
- Uses token ring as its medium access control
- Has star or ring as its topology
- Is an IBM standard which resembles 802.5
2.1.1.2 Transport Services: Layers 3 – 6
These services augment the connection services to provide reliable communications between computers. The services ensure that:
- the two communicating devices are properly connected.
- the data packets are properly addressed and checked to make sure that no packet is lost or damaged.
- the data format is in conformity with the application requirements – where necessary format conversion is performed.
The most popular protocols operating within the Transport Services are TCP and IP.
The Origin of TCP/IP
The US government funded the development of a suite of protocols, which collectively has come to be known as the INTERNET Protocol suite, essentially to enable the networking of the dissimilar computer systems the government had. The two best known components of the Internet Protocol suite are IP and TCP: TCP fulfils the functionality of the OSI Transport Layer and IP fulfils the functionality of the OSI Network Layer.
The TCP/IP Implementation
Various vendors have used the ISO OSI model to produce various networks: NetWare, SNA Network, DECnet, AppleTalk, TCP/IP, etc. Annex 8 to this report shows the “NetWare” and “TCP/IP” implementations of the model. The WMO GTS had decided to use TCP/IP for a number of reasons, not least because the Internet also uses it. There is more to TCP/IP than just TCP and IP. TCP/IP is a SUITE containing many different protocols that work together. A brief description of the two most popular components of the suite follows.
IP Protocol (OSI Layer 3)
This protocol takes care of the packaging of data for delivery. It defines an address scheme that UNIQUELY identifies devices on private networks and on the Global Internet (the IP address). The data packets contain the IP addresses of the sender and the recipient. The ROUTERS determine exactly what to do with the packet using this information.
TCP Protocol (OSI Layer 4)
Error checking and sequence numbering of the data packets are the two main functions of TCP, which tells the sending device to retransmit any lost or erroneous data packets.
Annex 8 shows that the TCP/IP implementation of the OSI model has the top four layers bundled together so that, for example, the File Transfer Protocol (FTP) carries out all the functions of the OSI model layers 5 to 7.
2.1.1.3 Application Services: Layer 7
Services in this layer depend on the other two services. The Application Services let an application on one computer talk to a similar application on the other computer in order to perform functions like copying files, etc.
2.1.2 Network Classifications
Networks can be classified either by the area they span or by the way the resources are distributed on the PCs that are connected on the network.
2.1.2.1 Geographical Area Coverage
This classification is based on the size of the geographical area the networks span:
a. Local Area Network (LAN)
This network spans one office or one floor of a building or the whole building, or could even span several neighbouring buildings. LANs have high data transfer rates, low error rates and inexpensive media.
b. Wide Area Network (WAN)
Normally, WAN is the result of interconnecting several LANs across different cities or countries, e.g. Internet. Communication over WAN takes place via telephone lines, satellites or terrestrial microwave systems.
2.1.2.2 Resources Distribution
Networks can also be classified based on the way resources are distributed. Resources may be located on each of the computers that are on the network (peer to peer architecture), or may be placed on a few specific computers called “Servers”. Other computers called “Clients”, would access the resources stored in the servers (client/server architecture).
a. Peer-to-Peer Architecture
In this architecture, each computer on the network may share its resources with the others. All computers are “peers” (are equal) and there is no centralised resource management. While this architecture may work well for small networks, the lack of central resource control complicates resource access for networks with a large number of users.
b. Client/Server Architecture
In this architecture, the resources are placed on the server where all users can obtain them. There are e-mail servers, file servers, print servers, web servers, etc. The management of the resources (servers) is centralised and carried out by one computer - the Network Server. Depending on the volume of the resources, more than one resource can be co-located on one physical computer; e.g. one PC can store e-mail and file resources.
Notes:
- Client/Server implementation is by software, where there is a “server” version of the software on the server computer and a “client” version of the same software on the client computer.
- Even though a peer-to-peer implementation essentially may not require centralised resource management, it can work better with servers.
2.2 THE WMO GTS
In a sense the WMO GDPS GTS all along has been a closed private communication system, much like America On Line (AOL), CompuServe, etc. That is, the GTS can be visualised as an “INTRANET”, albeit with old technology, whose subscribers have, so far, been the world’s national meteorological services.
Specifically, the GTS consists of an integrated network of circuits which interconnect meteorological telecommunication centres. The circuits of the GTS are composed of a combination of terrestrial and satellite communication links. They comprise point-to-point circuits, point-to-multi-point circuits for data distribution, multi-point to point circuits for data collection, as well as two-way multi-point circuits. And just like the Internet, the GTS has a hierarchical structure:
- The Main Telecommunication Network (MTN)
- The Regional Meteorological Telecommunication Network (RMTN)
- The National Meteorological Telecommunication Network (NMTN)
The MTN is the backbone of the GTS. It links together three World Meteorological Centres and 15 RTHs. In this hierarchical structure RA I has four RTHs, namely Algiers, Cairo, Dakar, and Nairobi. These RTHs connect to the MTN via other RMTNs or directly. The MTN has the main function of providing an efficient and reliable communication service between its centres, in order to ensure rapid and reliable global and inter-regional exchange of observational data, processed information and other data required by Members.
The RMTN is RA I's highest circuit network level. It consists of an integrated network of circuits interconnecting meteorological centres, which are complemented by radio broadcasts where necessary. The RMTNs are there to ensure the collection of observational data and the regional selective distribution of meteorological and other related information to Members in RA I. The Data/Products Collection and Transmission platforms can be either satellite-based or ground-based.
2.2.1 Satellite-based platform
Satellite-based data/products collection and/or data distribution platforms are integrated into the GTS as an essential element of the global, regional and national levels of the GTS. The satellites are used for data collection of the observation data from the Data Collection Platforms (DCPs) and for distribution of data and/or products through the MDD and PDUS systems of METEOSAT or FAX-E of EUTELSAT. All these supplement the point-to-point GTS circuits, and several countries have implemented satellite-based telecommunication systems for their national meteorological telecommunication networks.
2.2.2 Ground-based Platform
The national meteorological Services collect observational data from their own network of ground-based observing stations (automatic and manual), quality control the data, use it, and at the same time put it on the national meteorological telecommunication network. Using the present store-and-forward procedures the data is then put on the GTS to be forwarded to the RMTN at the RTH and on to the MTN. Depending on the responsibility of the NMC, locally prepared products could also be forwarded.
The point-to-point links within the GTS are well defined in a hierarchical structure that specifies which NMC links to which RTH, and which RTH links to which of the three WMO world centres in the backbone. However, for practical and efficiency considerations, bilateral links may also be established on the GTS. Significant improvements continue to be recorded in the implementation status of the GTS at various levels in RA I. From the total of 87 Regional Meteorological Telecommunication Network circuits, 78% were implemented by 1998, 5 of which were digital at a high speed of 64 kbps, 21 were medium speed telephone type circuits and 42 were low speed telegraphic type circuits. The implemented circuits comprised 6 circuits on the MTN, 13 inter-regional circuits and 49 regional ones. However, despite these improvements in the implementation of links, the total process of handling meteorological data/products remains a problem in RA I that needs further attention.
In RA I, the RMC and RSMC, which are generally co-located with RTHs, may have lots of data/products; some are locally prepared, others are imported. For these products to reach the NMCs, there must be good links between the NMCs and the RMC or RSMC. In many cases the links are still low speed telegraphic ones. Some of the centres (RMC/RSMC/NMC) may not be appropriately equipped - in terms of computer hardware, software or expertise - to generate or receive the required data and products. While some centres may have to start from scratch, a few may merely need to upgrade.
Because the extent of the problem varies, the suggested modular solution is thought to be more appropriate, as it lets a centre determine, according to its needs and available resources, how to prioritise the modules for implementation.
2.3. THE INTERNET
The Internet is a hierarchical GLOBAL communication network of interconnected computer networks. At the top of the hierarchy is the backbone network that goes around the globe, which is like a huge electronic data pipe (edp) capable of speeds of up to 600 Mbps. Smaller edps branch off from the backbone network and so on down to the home user, whose modem connection may have a typical speed of 28.8 kbps or less. The size of the edps is measured in terms of bandwidth - the higher the bandwidth, the more data can be transported through it.
Leasing of edps is similar to wholesale and retail businesses: the bigger companies acquire high bandwidth, which they in turn divide into smaller bandwidths and lease to smaller companies. Many of the small companies may have dedicated leased lines that are always connected to the Internet, and in this way they will have their networks directly and permanently attached to the Internet. Some of the companies, called Internet Service Providers (ISPs), are in the business of providing Internet connectivity to other small institutions and individual users. The end user connects to an ISP by making a phone call to the ISP with a dial-up modem.
The amount of data carried on the Internet is like the amount of water that flows in a city water distribution system. The bigger the pipe, the more water it carries. The huge pipe brings water to the city boundary and then the pipe sizes are progressively reduced down to the smallest household. Internet information is divided into chunks and placed into packets, which are then addressed to a destination computer and sent over the Internet. The transportation of the packets is analogous to the freeway system, in which the car is an independent delivery system just like the information packet. At the freeway intersection the driver decides which turn to take so as to quickly reach the destination. On the Internet, a device called the ROUTER takes those decisions at the intersection.
Just like traffic rules, which regulate freeway users, there are also rules that define packet communications and handling. One SET of such rules is TCP/IP (Transmission Control Protocol/Internet Protocol), which is the most widely supported set of protocols. It specifically defines:
- how much data goes into a packet;
- how to address the packet;
- how to transmit it over the network;
- how to route around failed links;
- how to detect errors and missing packets and get retransmission.
The Internet provides “products” (resources) to customers (users). What the products are, how they are transported and how they are made available (accessed) to customers will be covered in the next sections.
2.3.1 Internet Resources
There are several products from cyberland, collectively known as resources, that customers world wide would like to have. These products are information-based, and the Internet is a communication system which facilitates the transportation and sharing of the products by members of the cybertribe. The cyberland products include:
- Electronic mail
- File Transfers
- The World Wide Web (WWW) or in short “the Web”
The resources have identifiers, normally the name of the protocols that are used in their handling:
- Electronic Mail: e-mail
- File Transfer: FTP (File Transfer Protocol)
- WWW: HTTP (Hyper Text Transfer Protocol)
2.3.2 Resource Transport
To transport any product, unique identification marks are required. In the Internet communication system the identification marks include:
2.3.2.1 IP Addresses
Just as an individual wishing to communicate over a distance must use a unique address, all communicating devices (PCs, Routers, Printers, etc.) that are directly connected to the Internet MUST also have a unique address. The address is a 32-bit binary number with a special format like:
148.140.9.230
Humans find these numbers difficult to remember, so unique names are used instead, and the Internet system maps the names into the corresponding numbers. The number/name is called the IP Address. The IP address MUST be unique: no two devices in the whole global Internet system can have the same IP address. It must be emphasised that information communication within the Internet is based ONLY on the IP numbers and NOT on the names we humans use!
The IP addresses (numbers) are divided into classes - Class A through Class E. Classes A to C are commonly used. Class C, whose first octet runs from 192 to 223, can provide a total of 2,097,152 x 254 unique addresses. This might sound like a lot of addresses, but the hyper growth of the Internet is depleting the addresses so fast that new addressing schemes are already being researched.
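The class scheme above can be worked through in code. The following added example (not part of the original report) converts the dotted address 148.140.9.230 that appears on this page into its 32-bit form, determines its class from the first octet, and derives the 2,097,152 x 254 figure quoted for Class C. The first-octet ranges for classes other than C and all function names are supplied here from the standard classful scheme.

```python
import ipaddress

# (class, first-octet low, first-octet high, network bits, fixed leading bits)
# Classes D (multicast) and E (reserved) have no network/host split.
CLASSES = [
    ("A", 0, 127, 8, 1),
    ("B", 128, 191, 16, 2),
    ("C", 192, 223, 24, 3),
    ("D", 224, 239, None, 4),
    ("E", 240, 255, None, 4),
]


def to_binary(dotted):
    """Return the 32-bit binary string behind a dotted-decimal address."""
    return format(int(ipaddress.IPv4Address(dotted)), "032b")


def classify(dotted):
    """Return the class, classful network and host number of an address."""
    value = int(ipaddress.IPv4Address(dotted))   # raises ValueError on bad input
    first_octet = value >> 24
    for name, low, high, net_bits, _ in CLASSES:
        if low <= first_octet <= high:
            break
    if net_bits is None:
        return {"class": name, "network": None, "host": None}
    host_bits = 32 - net_bits
    network = (value >> host_bits) << host_bits  # clear the host part
    host = value & ((1 << host_bits) - 1)        # keep only the host part
    return {"class": name,
            "network": str(ipaddress.IPv4Address(network)),
            "host": host}


def capacity(class_name):
    """Return (number of networks, usable hosts per network) for A, B or C."""
    for name, _, _, net_bits, fixed_bits in CLASSES:
        if name == class_name and net_bits is not None:
            networks = 1 << (net_bits - fixed_bits)
            # All-zeros and all-ones host numbers are not assignable.
            hosts = (1 << (32 - net_bits)) - 2
            return networks, hosts
    raise ValueError("no network/host split for class " + class_name)


if __name__ == "__main__":
    print(to_binary("148.140.9.230"))
    print(classify("148.140.9.230"))
    print(capacity("C"))
```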
2.3.2.2 Domain Name
These are the names used instead of the IP numbers. The naming system is hierarchical in structure. The Domain Name System (DNS) Server does the mapping of names to numbers. When a domain name is specified in an Internet application, a query is sent to the DNS Server, which converts the name into an IP number that is then used in all subsequent communications.
2.3.2.3 The Universal Resource Locator (URL)
Suppose it is required to access an FTP resource. To identify it you need to provide:
- resource type: FTP
- location where the resource is stored: Host name
- path to the file: directory/subdirectory/....../filename.ext
A URL is a standard way of identifying a type of Internet resource and its location. It is basically a string of characters consisting of:
(i) Resource type (identified by protocol):
- http:// for WWW
- ftp:// for FTP
(ii) Domain Name (IP): server name where the resource is stored.
(iii) Path Name: specification of the file holding the resource, e.g.
http://www.bigweb.com/Travel/MyCruise.htm
where:
- http:// = resource type
- www.bigweb.com = domain name
- /Travel = pathname of the directory where the source file is found
- MyCruise.htm = filename of the source file
- htm = file extension to identify the file type
2.3.3 Resource Storage
Having manufactured the products and properly labelled them, Internet would transport them to outlet points where they would be temporarily stored before they are delivered to customers. In cyberland, the storage places are called SERVERS. This subsection also explains the management arrangement of the servers within the Internet system.
2.3.3.1 Server Types
There can be as many types of servers as there are different types of resources:
- e-mail Server
- FTP Server
- Web Server
But there may also be special function Servers, such as:
- Domain Name System (DNS) Server
- Windows Internet Name Service (WINS) Server
- Proxy Server
- Print Server, etc.
It should be emphasized that for a server system to work, three principal items are needed:
- A PC that holds the resource, called the HOST or SERVER
- A PC requesting the resource, called the CLIENT
- Application Software: the server version on the Host and the client version on the client PC.
Note: More than one server can co-exist on a single physical PC.
2.3.3.2 Server Connection to Internet
Recall that the term “server” refers both to the physical location where a resource is stored and to the software that handles the resource. Both have the primary aim of making the resource in question available to the users. In doing so, primary consideration must be given to the type and speed of the telephone line used to access the resource. There are several ways of implementing a server connection to the Internet; taking a web server as an example:
Connecting via Host System
If you cannot afford to own a server (PC) and/or the cost of a 24-hour dedicated phone line, an ISP can be requested:
- For disk space to host your Server
- To physically locate your server (PC) at the ISP site and connect it to the ISP LAN; hence your server will be directly connected to the Internet. The server can then be managed by connecting to the ISP and logging into it as the administrator.
Connecting via an ISP
In this type of connection, the server PC will be located at own site and a 24-hour connection to the ISP must be maintained. The connection between own site and ISP could be:
dial-up voice line of at least 19.2 kbps or better ISDN 128 kbps or higher other digital services, e.g. T1 (at 1.544 Mbps)
Becoming Own ISP
Now you need to buy a large chunk of bandwidth from PTT to enable direct connection to a level on the Internet hierarchy higher than the local ISP. Some of the excess bandwidth can be sold to others who can connect their servers via your site.
Note: A server software could include several services, for example a PC on which WinNT Server has been installed can be configured to include:
WWW Services
Gopher Services
FTP Services
Inter-Service Manager, etc.
2.3.4 User Access to Resources
This subsection covers how a customer places an order and takes delivery of the products he needs using the Internet communication system. Presently, there are three basic ways to connect to the Internet to access server information.
2.3.4.1 Dial-up Terminal-Type Connection
The client computer dials into a Service provider and attaches to a computer at the ISP’s site that is connected directly to the Internet. This is terminal mode where the client is not directly connected to the Internet. And more importantly, in this type of connection, TCP/IP is not used. This is called a SHELL ACCOUNT connection.
2.3.4.2 Dial-up TCP/IP Connection
The client dials up the ISP. Once logged in, the ISP issues the client with an IP address and establishes a low-level protocol (SLIP or PPP) which allows TCP/IP packets to travel across a normal telephone line. In this case, the client becomes a node on the Internet and can run any Internet or web browser.
2.3.4.3 Connection Over Internet Network
In this access method, users are attached to the local Internet LAN, which in turn is connected to the Internet through a ROUTER. The router manages traffic in both directions. Performance is determined by the telephone/modem connection. Many users operate at 14.4 or 28.8 kbps. Users can have other high-speed Internet connections through ISDN or other high-speed leased digital lines.
2.4 INTERNET SECURITY
The growth of international networks, public and private email systems, and radio communication creates a greater need for security. Protocol analysts can view data streams on the network, and by design the Internet allows wiretapping. It is estimated that 20% of the message traffic sent via the Internet is copied and stored somewhere by someone (other than the sender or intended recipient). On the Internet, anybody (apart from the recipients) can look at and duplicate your mail or change the content of the messages.
Apart from insecurity of data, as is being transmitted, there are also security issues regarding data legitimately stored in servers. Hackers can break into the server to:
bring software-bugs that may damage the data;
steal data and put them into inappropriate use.
And to secure Internet data handling requires:
the ability to prevent unauthorised monitoring of data transmission;
a way to prevent message alteration;
a way to authenticate a message source;
a way to prevent unauthorised access to data and its inappropriate use.
These requirements are realised through a number of security measures - both software-based and hardware-based. In the TCP/IP set up, the measures cover the whole model structure, from the physical layer through the application layer. Here is a summary of some of the measures.
2.4.1 Cryptographic
Cryptography is a technique which provides a way to transmit information across an untrusted communication system (e.g. the Internet) without disclosing the content of the information to anybody monitoring the line. One encryption method uses a pair of keys: the sender uses the public key to encrypt the message and the receiver uses a private key to decrypt/decipher the message. The longer the key (in bits) the more secure it is. Presently, the 128-bit scheme is the market leader. The public/private key scheme is further supplemented by a digital signature scheme, which authenticates the sender.
2.4.2 Firewall
A firewall is a computer (server) that connects a trusted network with an untrusted network such as the Internet. It prevents some external users from accessing the internal LAN and can also restrict internal users from accessing the Internet. The restricting variables are:
Source address
Destination address
Port (Resource)
The basic and main function of firewalls is to filter information. A firewall examines all data packets and then takes appropriate action - to allow or not to allow. Implementations of firewalls include:
2.4.2.1 Proxy Servers
This runs on a firewall host as a store-and-forward system. It takes FTP, HTTP, TELNET, etc., requests from internal and external users, examines them and then takes appropriate action. A proxy server can have additional functions. One very good example of a proxy server is Microsoft’s “Catapult” proxy server, which is capable of:
Handling non-TCP/IP networks
Encryption
Filtering (Application Layer, Domain Name and User Name)
The Catapult server makes it possible to securely use the Internet as an alternative to using private dedicated telephone connections.
[Figure: CATAPULT PROXY SYSTEM. Labels: USER 1 ... USER n, INTERNAL NETWORK (TCP/IP), CATAPULT SERVER, INTERNET (TCP/IP), SERVER]
2.4.2.2 Routers
Commercial routers can be programmed to hold predefined lists of addresses, and packet filtering is done based on the list. Some routers may be sophisticated enough to give proxy-like services.
2.4.3 Physical Isolation
This security measure requires more than one internal LAN. The servers are isolated from internal network and users can access the Internet through a separate firewall. The other LAN has dual communication with the Internet.
Note: To access the servers on the 2-way LAN, users on the internal LAN have to “backtrack” over the Internet connection. The administration of the servers is done via the Admin Workstation. This is a limitation of the system.
2.4.4 Protocol Isolation
On the server computer two different Network Interface Cards (NICs) are used: one connected to the internal network and using IPX, and the other connected to the Internet and running the TCP/IP protocol. There is no traffic across the networks because each network uses a different protocol, but both internal users and users from the Internet can share information from the server, each of them using a different protocol.
2.4.5 Protocol Isolation with Server Replication
[Figure: PROTOCOL ISOLATION WITH SERVER REPLICATION. Labels: USER 1 ... USER n, IP, INTERNAL SERVER, IPX, INTERNET SERVER, IP, INTERNET, SERVER]
This is a variation of (d) above with dual servers between which data is replicated. Protocol isolation is achieved by running IPX between the two servers, each of which individually runs TCP/IP. Because ALL information is replicated between the two servers, both Internet users and internal users have access to the same and complete set of data.
2.4.6 Multi-Homed System with Routing Disabled
In this scheme there are two NICs in use, each attached to a different network. Although both of them run TCP/IP, routing is DISABLED, so there cannot be any traffic across the networks; hence the security of the system. It is the disabling of routing which is the key to the security of the system.
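One way to verify that routing really is disabled on a dual-homed host, given as an added example that is not part of the original report. It assumes a Linux host (the report names no platform for this scheme), constructed "sysctl -a" output, and the hypothetical interface names eth0 and eth1.

```python
import re

# Linux sysctl keys that switch routing between interfaces on or off.
FORWARDING_KEY = re.compile(
    r"^net\.(ipv4\.ip_forward|ipv[46]\.conf\.[^.\s]+\.forwarding)$"
)


def parse_sysctl(text):
    """Parse 'key = value' lines, as printed by sysctl -a, into a dict."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def forwarding_findings(text, interfaces):
    """Return sorted findings that break 'multi-homed, routing disabled'."""
    settings = parse_sysctl(text)
    # Any forwarding switch that is not 0 lets packets cross between NICs.
    findings = [
        f"{key} = {value}"
        for key, value in settings.items()
        if FORWARDING_KEY.match(key) and value != "0"
    ]
    # A key that is absent cannot be shown to be off, so report it as well.
    required = ["net.ipv4.ip_forward"] + [
        f"net.ipv4.conf.{name}.forwarding" for name in interfaces
    ]
    findings += [f"{key} missing" for key in required if key not in settings]
    return sorted(findings)


# Constructed sample: both NICs and the global switches have routing off.
HARDENED = """\
net.ipv4.ip_forward = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth1.forwarding = 0
net.ipv6.conf.all.forwarding = 0
"""

# Constructed sample: the global IPv4 switch is off, but one NIC and the
# IPv6 stack have drifted back to forwarding.
DRIFTED = """\
net.ipv4.ip_forward = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv6.conf.all.forwarding = 1
"""

if __name__ == "__main__":
    for name, sample in (("hardened", HARDENED), ("drifted", DRIFTED)):
        print(name, forwarding_findings(sample, ["eth0", "eth1"]))
```

An empty result means no forwarding switch is on; it says nothing about application-level relays running on the host, which need a separate check.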
2.4.7 Tunnelling Through the Internet
This is a software solution in which the TCP/IP software encrypts data before sending it over the network. IP tunnelling ensures secure, private communication for online activities like connecting to the office via the Internet. Note: Client/Server tunnelling software must be appropriately installed.
3. SYSTEM VISION
As the Internet continues to shape developments in IT and as PCs become more powerful and cheaper, the WMO GTS is being presented with alternative, more cost-effective means of meteorological data handling.
3.1 SYSTEM CONCEPT
The WMO GDPS has been under “attack” by forces of technological change for quite a while, the result of which has been the emergence of automated GTS and computerised data/products handling systems. Before the advent of the Internet the WMO data communication system was based on “store and forward” procedures. Under these GTS procedures it was not possible to “fetch” data/products from a source. The Internet has changed all that. Using Internet technology it is now possible to configure systems which facilitate two-way data communication. This document provides details of some cost-effective implementations of such systems that integrate automated message switching and telecommunication functionality with computerised meteorological applications. These are systems that have clear migration paths in response to increases in the scope and sophistication of GDPS requirements, with the modular approach to the design of the systems playing a major role in the definition of such paths.
3.2 CONSIDERATIONS
The most important aspect of the above system concept is migration, which simply put means the ability to upgrade the system without discarding what is already there: the ability to build on what already exists. When NMCs try to constitute a system ensemble some of the following factors are to be considered:
A migration path which takes into account the hyper evolution of Information Technology (IT) and, at the same time, retains the GDPS’s fundamental philosophy, namely, timely meteorological data and products reception, processing and dissemination.
Migration which should, as far as possible, include system elements presently on hand. RMC/NMCs should not be expected to throw overboard all and sundry of the GTS infrastructure they have in favour of new technology. Centres in RA I have already invested a lot of their meagre resources to get to where they are. So migration needs to be gradual and should also provide a reasonable overlap period.
Where there is a possibility of choosing migration paths, the path with a lower learning curve should be preferred. In this connection, not only does training need to be emphasised, but also the notion of the “black box” technology must be discouraged. Centres receiving new technology must be provided with the needed expertise to handle it, if that technology is to make the expected impact. There are cases where foreign experts have designed and installed meteorological GTS related systems without the full participation of the local personnel. In some other cases the foreign system installer has left behind no adequate manuals. All this makes maintenance of the new system a nightmare.
So much is presently happening in cyberspace to the extent that the direction of change is unpredictable. The Internet is a case in point. It may therefore not be prudent to completely tie the GDPS GTS to the Internet. While the GTS, like commercial closed systems (CompuServe, AOL ) should continue to collaborate with the Internet, but because of the Internet’s unpredictability, the GTS should remain an Intranet, at the same time, a pace manageable to the NMCs. Internet technology should be used to provide the services and to meet the increased needs for meteorological products.
There are many advantages in the WMO GTS collaborating with the Internet. The advantages include:
exchange of data and products as an adjunct of the GTS;
exchange of non-time critical information such as climate data;
dissemination of information to the full spectrum of users;
collaboration between Members;
downloading and exchange of software;
access to information provided by the WMO web site.
The hyper growth of Internet in terms of users and material carried on it, does not seem to match development in telecommunication infrastructure, especially in RA I. As of now (year 2000), the Internet is not particularly suitable for real-time meteorological data/products exchange. However, for non-real time, and in some cases even for real time data/products exchange, the Internet may provide a cost effective mode of exchange.
Imagine the main RTHs being disabled through the “denial of service” or “love bug” viruses. The resulting GDPS meltdown would unleash catastrophic global consequences. Serious security considerations must be made before NMCs decide to interconnect their GTS with the Internet because the strength of a chain is determined by its weakest link. WMO would have to ensure that all NMCs connected to the Internet are secure to guarantee the security of the GTS as a whole.
4. SYSTEM DESIGN
The GDPS data handling system can be subdivided into three main functional sub-systems:
Communication Links
Automatic Message Switching and Data Base Management
Products Generating/Applications
The Application subsystem can, in turn, be divided into several modules, which can be independently implemented.
4.1 COMMUNICATION LINKS SUB-SYSTEM
The WMO GTS circuits use both terrestrial and satellite communication links to provide NMCs with different types of meteorological data and products, which can be in text, GRIB, BUFR, satellite and radar image format.
4.1.1 Satellite Communication Links
Presently, several satellite-based data distribution systems are available to Members of RA I, which include:
The Meteorological Data Distribution (MDD)
The International Satellite Communication System (ISCS)
SADIS
RETIM and FAX-E (for North Africa)
To be able to receive and display satellite data/products the NMCs and RTHs require ground equipment, which includes receivers and computers. By the year 2003, all current MDD, DRS and DCP services and the HRI and WEFAX which are provided by METEOSAT will be replaced by fully digital LRIT and HRIT of the MSG receiving systems. This requires new ground receiving equipment.
4.1.2 Terrestrial Communication Links
At an NMC different types of data such as synoptic, upper air, etc., may be received through a variety of means.
Radio Telegraphic lines
Telephone/data lines, fax
Dedicated data lines using X.25 or IP protocols.
Internet (e-mail, FTP Server)
Where national observing stations are spread over large areas and are at long distances to the NMC, it may be cost-effective, in a number of ways, to group them into zones and then establish a medium speed link to one station within a designated zone as “zone office”.
Resources permitting and where the technology exists, the zone offices could be networked using Frame Relay on the Public Telephone Network System to form a single “Cloud”. The practical benefits of the cloud approach include:
Cost Effectiveness
Generally more cost-effective than dedicated leased circuits.
Economy of scale for large centres.
Capacity can be selected incrementally.
Flexibility
Virtual circuits can be added and removed easily.
Virtual circuits' capacity can easily be adapted.
Technical support and services from the Network Services provider facilitates operation and management.
Opportunity to accelerate TCP/IP implementation.
The implementation of a cloud which extends beyond a single NMC, while it has benefits, has problems regarding:
Standardisation of the cloud system.
Sharing of costs.
Security aspects related to TCP/IP and a mixed Internet/GTS environment.
Could the following political groupings in RA I be used to bring about the establishment of clouds?
ASECNA which already has SATCOM.
SADC which is planning for a telecommunication network for civil aviation.
IGAD which could establish another cloud covering the Horn of Africa, etc.
4.1.3 The X.25 and IP Protocols
The strategic direction in the development of the GTS is based on the Open System Interconnections (OSI) as set out by the International Standards Organisation (ISO). In consideration of the hyper evolution of the Internet and the supporting technical standards, vis-à-vis WMO's expanding functional needs of its various programs, the WMO has decided to replace X.25 with IP of the TCP/IP protocol suite for supporting GTS operational needs.
The OSI is a layered model consisting of seven layers. There are several protocols, which operate in the network layer (third layer) of this model including: IP, CLNP, IPX, etc. The WMO has chosen the IP protocol because:
IP (TCP/IP) is more or less the Internet Industry Standard and vendors are now concentrating on this protocol, thus making it relatively cheap and very popular.
IP (TCP/IP) supports numerous applications which are available off-the-shelf, e.g. telnet, FTP, e-mail, web browsers, multimedia, RAS, etc.
IP (TCP/IP) is routable and offers connectivity in a heterogeneous environment, thus enabling it to connect and inter-operate with many other TCP/IP-based hosts such as UNIX, VMS, IBM Mainframes, Macintosh, etc.
These IP (TCP/IP) characteristics ensure savings in both direct costs and in the cost of human resources development. However, a widespread application of the IP protocol on the GTS requires not only adoption of switching applications, a naming convention and an IP address convention but also very serious security consideration. These are some of the things which stand as challenges to the WMO as the Organisation contemplates applying Internet technology to the process of building up an improved GTS.
4.1.4 The Role of Internet in the GTS
The Internet is a global network of PC networks. It is an open system as opposed to the likes of CompuServe, AOL, the WMO GTS, etc., which are basically closed systems. Several services are presently available on the Internet:
e-mail
File Transfer
Web Browsing, etc.
The commercial closed systems are collaborating with the Internet by making themselves gateways to these services, thus acting as ISPs; so too the WMO GTS. Using the above Internet services an NMC could:
Complement GTS function of data and products exchange
Reach the “world” both in providing its services and products; and in its own general exposure
Interact with each other and the WMO Secretariat. etc
but considering:
that the evolution of the Internet is just as phenomenal as it is unpredictable, being driven and controlled only by market forces, which makes its present (year 2000) performance, in terms of GTS data/products transmission, unpredictable due to its variable load and hyper growth;
that one of the most important functions of the GTS is to provide a SURE means of real-time data handling capability to NMCs;
that at certain NMCs, as a result of the local telecommunication infrastructure, Internet availability may be at an unacceptably low level;
there is a need to protect the WMO GTS operating in a mixed environment with the Internet.
But from what, exactly, should the GTS be protected? The GTS should be protected from the adverse results of the modalities of its interaction with the Internet and its technology, that is, from the nature of the mix in the application of GTS and Internet technology. The mix can be as outlined below.
4.1.4.1 Application of Internet Technology within GTS
In this scenario the GTS is viewed as a closed private network system - an INTRANET- in which:
IP addressing would be private and unlimited.
Security concern would be much reduced.
The WMO would take charge of its own destiny while enjoying the benefits of Internet technology.
4.1.4.2 The GTS completely turned over to Internet
Assuming that Internet security issues have been resolved satisfactorily and WMO, therefore, decides to replace the complete GTS with the Internet system. In this situation the following remarks are pertinent:
The WMO will, from then on, have to manage the GTS according to the rules of the Internet, with all its unpredictability. For example, the WMO will need to modify some of its GTS procedures to fit into Internet rules, such as rules regarding IP addressing.
The WMO will have to ensure that it provides a fast response to the market-force-driven change that the Internet goes through.
With the Internet’s hyper growth it is unlikely that many of the RA I Telecommunication Institutions will provide services to the level required by GTS real-time data and products communications. The Internet is already very crowded and in RA I access speeds are relatively low.
4.1.4.3 A Mix of GTS and Internet
In the countries where Internet throughput is high and connection tariffs are cost-effective, the less time-critical meteorological data and products can gradually be put on the Internet. The gradual approach is preferred not only to ensure non-interruption of data/products transmissions but also to protect the investment the NMCs in RA I have made in the GTS. Besides, the WMO itself requires time to prepare guidelines on Internet implementation, design Internet-compatible data/products formats, etc.
4.2 THE AUTOMATIC MESSAGE SWITCHING (AMSS) SUBSYSTEM
The AMSS is the central element in an NMC computerised data handling system. Its main function is to automatically receive, check transmission errors, temporarily store and transmit different types of meteorological data and products. The technical details of NMCs AMSS are to be found at paragraph 5.1.
4.2.1 AMSS Data/Products Reception
The module should be capable of receiving meteorological data and products in a variety of forms, text messages, binary and satellite and radar, and receive it through different types of connections: satellite-based as well as terrestrial-based as explained above. Additional to these, the sub-system should be able to accept data and products from a locally attached keyboard, scanner and a secondary input device such as a diskette.
4.2.2 AMSS Data/Products Transmission
The module should be programmable to transmit data/products of a selected type to:
the DBMS module.
appropriate links such as telegraphic and telephone lines and data lines that use the X.25 and IP protocols, which are connected to neighbouring NMCs, National Airports and other remote users.
4.3 DATABASE MANAGEMENT
Whereas it is possible to co-locate the pure AMSS function and the database management function on a single computer, the operations related to the two functions, as well as software maintenance, are normally performed by different staff categories. Hence the need for having a separate Database Management System (DBMS) module on the LAN. The sub-system is to decode, reformat and quality control all data received from the AMSS. The data would subsequently be made available to ALL product-generating modules. The DBMS module must have a rather extended time (up to several months) data storage capability and be available at all times.
The module should therefore consist of:
Either two file servers with high capacity hard disk drives and configured with data replication.
Or one such a file server with appropriate fault tolerance, such as disk mirroring, RAID, etc., to guarantee data availability.
In the initial stages of the GDPS computerisation process the DBMS module could also be used for (mere) displaying and printing data/products. When the Operational Weather Forecasting Module comes on stream in the Product Generating sub-system the displaying and printing can then be performed by the module where further processing of the DBMS data will be performed too.
Requirements
Either 2 type (f) PC systems (to ensure data replication) or 1 type (f) PC system which should now have 3-4 hot swappable disk drives.
Colour Scanner
Software
Windows 2000 (Operating System + File Server)
PCGRIDS or Missir Vision or Other
ORACLE DBMS
Climos (SAWB)
4.4 PRODUCTS GENERATING SUB-SYSTEM
This is the sub-system responsible for the processing and post-processing of the various types of data and products stored by the DBMS to generate and display a range of products. The level of activity implementations for this sub-system depends much on the availability of resources at the centre concerned and can include some or all of the following activities. It should be emphasised that the activities listed below are independently implementable.
Displaying various products from other centres
Preparing, displaying, and printing aviation products
Plotting and analysis of data for forecasting
Numerical Weather Prediction (NWP)
Preparing and displaying TV images for broadcasting purpose
Climatological analysis, prediction and publications, and Database Management
Internal Web
The Internet
The following are resource requirements for each of the above elements. In a number of cases the Computer (PC) hardware specifications may be similar, and for this reason generic specifications are annexed and where applicable are referred to.
4.4.1 The Plotting Module
Function: To automate the plotting of meteorological data available from the DBMS, the requirements are:
Requirements:
Hardware
1 type (b) configuration PC System
2 Plotting Tables, e.g. HP
Software
Missir Aero (Corobor France)
AFDOS (China)
Metgis - in-house developed by South Africa Weather Bureau (SAWB)
4.4.2 Climatology and Database Management Module
Function: To further quality control, process and archive meteorological data for non-real time applications. Preparation of non-real time products and climate research.
Requirements:
Hardware
Type (a) configuration of PC System
Type (b) configuration of Workstation/File Server
Postscript high capacity printer
Colour Printer
Scanner (colour)
Software
Compilers FORTRAN 77, C++ Oracle DBMS Graphics File Server Software CLICOM Climlab developed by Nairobi NMC Climos developed by SAWB Publishing package
Note: The type of a PC system has, as a backup device:
The 24 GB Magnetic Tape Cartridge
The 650 MB CD ROM Writer
4.4.3 The Media Module
Function: To prepare products that are put on the media. Apart from text forecasts, the module is also used in the preparation of TV forecasts. DBMS stored data/products are used to produce images for TV broadcasts.
Requirements:
Hardware
2 Types (a) configuration PC system
2 TV Screens
2 Video Recording Decks
2 Video Camera
1 Power Beam Projector
1 Mixer, Amplifier system
Screen and overhead projector, lights
Software
Missir-Vision (Corobor - France)
AFDOS (China)
PCGRIDS (NOAA - USA)
4.4.4 Operational Weather Forecasting Module
Function: The DBMS sub-system would decode, quality control and store the data/products, and this module would then display or print them. Apart from merely displaying and/or printing the DBMS stored products a forecaster can also further process these stored data to generate value-added products. In doing so the forecaster may also make use of NWP data/products. However, receiving NWP data/products requires high-speed data links, and further processing such NWP data requires high specification workstations.
The data/products processing operations may consist of:
Data plotting, isolines contouring, shading
Zooming, movie loops
Vertical Cross Section
Superimposition of data
on the following types of data:
NWP, Radar, Graphs Satellite, Soundings, etc.
Requirements to implement this module will depend on whether the simple or the advanced option is being implemented.
Simple Option Requirements:
Hardware
Type (a) configuration PC System with a 21” SVGA monitor
Printer (Laser)
Software
Missir Aero (Corobor - France)
PCGRIDS (NOAA - USA)
AFDOS (China)
Advanced Option Requirements:
Hardware
UNIX Workstation with graphics card running at 500 MHz or faster
256 MB RAM
30 GB Hard Disk
19” SVGA Monitor
CD ROM
Streamer Tape
Laser Printer
UPS and Surge Protector
Software
A relational DBMS, e.g. Oracle
A GKS
SYNERGIE (Meteo France)
4.4.5 Numerical Weather Prediction (NWP) Module
There are two aspects of NWP, one aspect involves the reception and usage of NWP products, and the other aspect involves the actual generation of NWP products. Resource requirements for the realisation of these two aspects are inherently different. But both aspects require a high speed link to the NWP data/product’s source - 64 kbps preferred.
NWP Products Visualisation: This can be achieved using the aviation application Module covered above.
NWP Products Generation: When it comes to deciding on the requirements for the generation of NWP products the spectrum is very wide, a spectrum which depends, among other things, on:
NWP Model Type (Global or Limited Area)
If model is Non-Global, other factors to be considered include:
Mesh size in geographical latitude/longitude
Total data grid points
Number of layers in the vertical
Boundary data (normally obtained from global models)
Whether an RSMC runs a Global Model (GM) or a Limited Area Model (LAM), it must have good GTS links to assimilate the model data needed. To run a GM model, it requires multiprocessor super computers, which very few RSMC in RA I can afford, the SAWB is one exception. With its two 10-processor, Cray super computers and super workstations as pre-processors, the SAWB is running both the GSM and the ETA-co-ordinated regional model. No attempt will be made here to provide the requirement for running a GM.
There are several operational Limited Area (Regional) NWP models. Running any such model requires:
Initial and boundary conditions from a GM model, which can be obtained through bilateral arrangements with the GM’s owners and can be downloaded via high-speed GTS links or the Internet.
Computing capacity, which is variable depending on the total data grid points, total number of layers and mesh size. For example, to apply the NCEP Regional Spectral Model, which has a horizontal resolution of 50 km with 28 vertical layers, to a domain defined by 20° East - 55° East and 15° N and 15° S to provide a 48-hour forecast, the following computing resources would be adequate.
Hardware
Workstation, e.g. Sun SPARC, Silicon Graphics, Mercury, etc., with a dual processor running at 500-600 MHz
1 GB RAM
30 GB Hard Disk drive
CD ROM drive
24 GB Backup Tape Cartridge Drive
Postscript Printer
UNIX Operating System
High speed “initial + boundary data collection” platform (e.g. AMSS) or Internet
Software
Model Program
Products displaying program
4.4.6 Internal Internet Web Server Module
Function: A server connected to the internal LAN to provide email and Web Pages for internal use only.
Requirements:
Hardware: Type (a) configuration PC System
Software: Web Browser with e-mail *
Note: The Win 2000 Operating System can be appropriately configured to provide both the e-mail and browser functions.
4.5 PROTECTING THE GTS
As prices of PCs continue to fall and more PC-based meteorological computerised applications are being developed, many NMCs in RA I find it financially feasible not only to automate data communication functions but also to computerise the whole data handling process. Central to such a computerised system are the Automatic Message Switching System (AMSS) and the DBMS Server - a server that is capable of providing data to operational applications.
The conventional data sourcing of the WMO AMSS is the WMO global telecommunication network. With the advent of the global network of PC networks (Internet) the NMCs are realising that Internet technology can provide a more cost-effective data sourcing for the AMSS than GTS dedicated leased links. However, it is also being realised that the Internet and local telecommunication utilities have problems relating to:
Data destruction resulting from virus attacks.
Inappropriate data usage.
Inadequate transmission speeds to cope with crowding on the Internet in terms of both users and data volumes.
Lack of service priorities.
While on its own, the GTS is inherently safe, it is acknowledged that the moment the internal GTS LAN is shared with the Internet then the above problems will arise.
Exchange of real-time meteorological data is critical to the operation of NMCs, and unwanted access and misuse of the GTS could create very serious constraints on ensuring the highest priority for such data. Also, when the GTS uses the TCP/IP protocol it exposes itself to the full capacity of TCP/IP connectivity, which includes the FTP and Web services, which are huge consumers of bandwidth resources. Security measures must therefore be put in place to ensure that:
NMCs can transmit meteorological data via the Internet, the GTS is only used for the transfer of meteorological data/products between authorised hosts.
using the TCP/IP the GTS is protected from the full capacity of the TCP/IP connectivity, i.e. by blocking external FTP and Web services.
To achieve these and resolve the other Internet related problems, the GTS and the Internet must be segregated in such a way that there is ONLY flow of operational meteorological data between the internal GTS LAN and the Internet LAN and that the cross LAN data transmission is secure. Many of the above network security techniques have a segregation element in them and can therefore be used to that effect. Two examples are presented below:
Example 1 - Router-based
[Figure labels: INTERNET LAN (OPEN ACCESS), WWW SERVER; GTS LAN (ACCESS RESTRICTED TO NEIGHBOURING NMC ONLY), AMSS; ROUTER; INTERNET; NEIGHBOURING NMC.]
This configuration provides a safe way of using the Internet to connect to a neighbouring “single-hop” GTS centre. Access lists on the router are responsible for firewalling.
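The access-list firewalling of Example 1 can be modelled as a first-match rule list with a default deny, which is how router access lists are typically evaluated. The block below is an added example, not part of the report: all addresses (documentation ranges), the AMSS port 39000 and the rule sets are constructed assumptions. It sets a weak rule ordering beside a segregating one and flags rules that an earlier rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed values (RFC 5737 documentation ranges); not taken from the report.
GTS_LAN = ipaddress.ip_network("192.0.2.0/25")
AMSS = ipaddress.ip_network("192.0.2.10/32")          # host on the GTS LAN
WWW_SERVER = ipaddress.ip_network("192.0.2.130/32")   # host on the Internet LAN
NEIGHBOUR_NMC = ipaddress.ip_network("198.51.100.16/28")
ANY = ipaddress.ip_network("0.0.0.0/0")
GTS_PORT = 39000   # assumed TCP port of the AMSS message-switching socket
FTP, WEB = 21, 80


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # None matches any destination port


# Weak ordering: the broad Web permit comes first, so the deny after it never
# fires and external Web traffic reaches the GTS LAN.
WEAK_ACL = [
    Rule("permit", ANY, ANY, WEB),
    Rule("deny", ANY, GTS_LAN, WEB),
    Rule("permit", NEIGHBOUR_NMC, AMSS, GTS_PORT),
    Rule("deny", ANY, GTS_LAN),
]

# Segregating ordering: only the neighbouring NMC reaches the AMSS, on the
# message port only; everything else to the GTS LAN (FTP and Web included) is
# dropped; the WWW server on the Internet LAN stays openly reachable.
SEGREGATED_ACL = [
    Rule("permit", NEIGHBOUR_NMC, AMSS, GTS_PORT),
    Rule("deny", ANY, GTS_LAN),
    Rule("permit", ANY, WWW_SERVER, WEB),
]


def evaluate(acl: List[Rule], src: str, dst: str, dport: int) -> str:
    """Return the action of the first matching rule; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if s in rule.src and d in rule.dst and rule.dport in (None, dport):
            return rule.action
    return "deny"


def shadowed(acl: List[Rule]) -> List[Tuple[int, int]]:
    """List (rule index, covering index) for rules an earlier rule fully covers."""
    found = []
    for j, later in enumerate(acl):
        for i, earlier in enumerate(acl[:j]):
            if (earlier.src.supernet_of(later.src)
                    and earlier.dst.supernet_of(later.dst)
                    and earlier.dport in (None, later.dport)):
                found.append((j, i))
                break
    return found


if __name__ == "__main__":
    outsider = "203.0.113.9"   # constructed external host
    for name, acl in (("weak", WEAK_ACL), ("segregated", SEGREGATED_ACL)):
        print(name, "Web to AMSS:", evaluate(acl, outsider, "192.0.2.10", WEB),
              "| shadowed rules:", shadowed(acl))
```

Running the shadow check before loading a rule set catches the ordering mistake without sending any traffic.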
Example 2 - Protocol Isolation with Server Replication
[Figure labels: INTERNAL LAN (IP), USERS, SERVERS, INTERNAL SERVER; TWO WAY DATA REPLICATION (IPX); INTERNET SERVER (IP), WWW SERVER, INTERNET.]
Note: Each of the two servers has dual NICs, one running IPX and the other TCP/IP.
Protocol isolation is achieved by the IPX protocol connecting the two servers.
Information replication ensures that the two servers always hold identical data; this then also serves as a backup system.
The internal (as well as Internet) server runs TCP/IP.
It must be emphasised that running a network over the Internet instead of over dedicated leased connections can bring significant savings. So wherever possible NMCs should explore the possibility of using the Internet as a basis of meteorological data transmission. However, while they do so, NMCs should remember that “a chain is as strong as its weakest link”. It must therefore be made mandatory for NMCs connecting their internal LAN to the Internet to also implement security measures. In due course, the WMO will come out with standard procedures of how to handle network security risks resulting from the use of Internet for GTS activities.
It must also be very strongly emphasised that technical expertise and strong management support are indispensable elements in implementing and enforcing an effective security policy. Without them, no protection will be achieved, even with the best and most expensive firewall system.
5. THE RECOMMENDED COMPUTERISED DATA HANDLING SYSTEM
It is rather difficult to configure a typical optimum NMC or RTH computerised data handling system because there are many constraining variables including the following:
The national telecommunication infrastructure, which is expected to provide the communication links.
Financial resources to procure and install the hardware and software and pay for rentals.
Availability of local technical expertise in hardware and software to ensure maintenance and progressive future migration.
In addition, there is the difference in the actual functions between the RSMC/RTH and NMC centres to be found in RA I. For example, while an RSMC may need the NWP capability to carry out some of its functions a small NMC may not need that capability. But whatever the functions of an RSMC/NMC are, they all need an AMSS and a DBMS as a starting point and then add on to it what other modules are needed to carry out these functions.
5.1 THE BASIC COMPUTERISED GDPS SYSTEM
An AMSS is likely to be the starting point for many NMCs in RA I. The addition of the DBMS along with the data/products viewing application, the simplest of the applications, constitutes the foundation, the starting point on the road to a computerised WMO GDPS. Annex 1 shows the system layout. The recommended main items for implementing this system, which is based on two server systems (one dual PC Message server system and a second dual PC Data server system), are as follows:
5.1.1 Hardware
A direct link to the RTH operating at 19 kbps or higher and using IP (TCP/IP) protocol
Two type (a) AMSS PCs (in hot stand by) – Message Server
One Router (e.g. Cisco) with:
one LAN port for 10Base-T
two WAN ports for speeds up to 64 Kbps
two WAN cables
One V34 Modem (e.g. Telinda Aster)
One Ethernet Hub: 10Base-T, with 24 ports
Ethernet Card (NIC) for 10Base-T LAN
Sundries for LAN: Cables, Connectors, Wall boxes, Ducting, etc.
Two Printers: one colour, one laser black and white.
Two 650kva UPSs
5.1.2 Software
Windows 2000 Professional
Missir-Com
5.1.3 DBMS System
One complete DBMS as specified in 4.3 above.
5.1.4 Training
3 weeks of intensive hands on training at system installation time.
TOTAL SYSTEM COST ESTIMATED AT US $ 40,000 - 50,000
Notes:
If satellite systems already exist at the NMC they should be integrated into the system as indicated. One or two additional type (c) PCs will be required for the reception of MDD and PDUS data. It should however be remembered that METEOSAT-7 ground receiving equipment will need to be replaced by equipment operating on the MSG system by 2003.
There must be collaboration between the NMC and the next hop on the link (RTH?) regarding routers and modems.
Estimated cost excludes links rentals but includes system installation and training.
5.2 MIGRATING TOWARDS THE DESIRABLE GDPS SYSTEM
Starting from the basic system, NMCs can enhance both the functionality and the power of the system by upgrading the GTS telecommunication links, adding or relocating hardware and upgrading or acquiring additional software as detailed below. Annex 3 shows what a desirable computerised GDPS might look like.
5.2.1 The GTS Circuits
It is felt that one of the most serious constraints in the overall improvement of the GTS is the circuits that link the various components of this hierarchical communication system, both in implementation and in the quality and speed of the circuits themselves. NMCs must continue to collaborate with their respective national telecommunication utilities to improve the situation. Where graphical products are to be transmitted, the NMCs should strive to have links that can operate at speeds of at least 18 kbps, to speed up the reception of the products. RSMCs with NWP models need high-speed links of 64 kbps or better. It is difficult to put a price tag on the links because of national tariff differences.
NMCs may need to revisit the concept of dedicated national links. It may be more cost-effective to have links that are charged on the “per use” basis. Also NMCs may consider dividing their area of responsibility into “zones”. Observing stations would transmit their data to their respective zonal centres, which in turn would transmit the data to the NMC main data reception centre. The zonal offices could either be participants of a national “cloud” system using a public network domain or could have a RAS connection (Ref.: Annex 2) to the NMC main data centre. The resources required at the zone offices are:
Medium speed link between zonal office and NMC
One type (e) PC system
One Variable speed ROUTER
One MODEM V34 compliant, 28 kbps or faster.
Two Printers: One Colour, One Black and white.
UPS + Surge Protector
Windows 2000 Professional Operating System.
TOTAL COST IS ESTIMATED AT US $ 5000 - 6000.
Note:
This PC can be configured with RAS for communication with the NMC LAN, or, if the zone office happens to be at a national airport requiring products from the NMC, a type (b) PC should be used and a Data/Products Display software such as Missir-Vision, PCGRIDS can be installed on it.
At the NMC Head office end several options are possible: IP Connection of Annex 1 or Option 1, Option 2 of Annex 2.
All the 3 options are Internet independent.
Some NMCs who have tried this approach have experienced increased efficiency and financial savings.
The concept of a “cloud” system which extends to the next higher level in the GTS hierarchical system, in which NMCs now constitute the cloud elements, is worthy of further investigation.
5.2.2 The Applications Sub-system
The possible modules of the application sub-system elaborated above can be added singly as and when the need arises and resources become available. With the data/products visualisation module as a starting point, the Plotting, climatological, media, etc., modules can be added to the internal LAN to access the DBMS data/products bank. The computer hardware and software requirements for such modules have all been covered above.
5.3 THE BASIC INTERNET SYSTEM
For a start, a single PC at an NMC can be connected to the Internet via an Internet Service Provider (ISP). Such connection can be established using a normal telephone line or it can be a wireless connection. It should be configured as a dial up connection and segregated from the WMO GTS.
The next step could be to have a multi-user arrangement by setting up a LAN and connecting to it an e-mail installed PC. It should then be possible for a number of users connected to the internal LAN to access the Internet using a single modem out of the e-mail installed PC (Ref.: Annex 4). This dial up arrangement could provide e-mail and web hosting at the ISP and FTP between the NMC, ISP and the Internet.
Requirements:
Hardware:
1 type (f) configuration PC system as Email Server
type (e) PCs for users as required
Modem; 28,000 bps or higher
A working telephone line
LAN accessories
Connection to ISP (and Internet)
Printer
Software:
Email and Web browser client program on desktop ( Win 95 has such programs )
5.4 THE DESIRABLE INTERNET CONNECTION.
The most desirable situation is achieved when the NMC establishes a high speed link (64 kbps) with the next hop RTH, preferably outside the RA I region, and acquires its own block of IP addresses and so becomes a pseudo ISP in its own right. RTH Nairobi is one, with IP address 195.220.202.z. The “z” octet has been sub-netted and some of the sub-nets allocated to NMCs which are linked to it.
Requirements:
Hardware:
SERVERS:
Internet - PC type (c)
Web + e-mail - PC type (d)
FTP + Printer - PC type (f)
Dial up - PC type (c)
Firewall
Printers: Various - Matrix, Laser, Colour
Router
Modem
LAN accessories
Link to ISP
Software:
Many of the server software implementations are likely to be bundled together. For example, the WIN NT/WIN 2000 Server Network Operating System comes bundled with all the above server options; all you have to do is to configure them on the PC. Otherwise, the two most important pieces of software in the server group are:
The (network) Operating System - Windows 95, Win NT, Win 2000, Novell NetWare, Solaris, Irix, Sun OS, etc.
The Web Server Software (Browser) - Microsoft Internet Information Server (MIIS), Netscape Enterprise Server, NetWare Web Server, etc.
Note:
It should always be remembered that there are ALWAYS two versions of the server programs. One version is for the host and the other version is for the client.
Establishing a connection between the GTS and the Internet requires mandatory security considerations. Various types of firewalling (filtering, encryption, proxy servers, etc.) need to be implemented.
The Internet LAN can remain segregated from and independent of the AMSS LAN. When appropriate security measures have firmly been put in place (e.g. installation of a “catapult” proxy server and/or Protocol Isolation with Server Replication Server) the Internet LAN can then be connected to the Operational Application LAN to end up with the configuration shown at Annex 3.
5.5 REMOTE ACCESS SERVICES (RAS)
A simple connection between two stations can be achieved using PCs so long as there is a working telephone line connecting the two places. For example, using Windows 95/NT one of the PCs could be configured to receive “calls” from the distant PC. A normal telephone call is only made when needed. NMCs should investigate whether this approach is more cost-effective than current arrangements.
A SIMPLE REMOTE ACCESS SERVICES (RAS) CONFIGURATION
[Figure labels: REMOTE STATION - Type (e) PC, MODEM, Printer; TELEPHONE LINE; NMC OPTION 1 - MODEM, Type (c) PC, Printer; NMC OPTION 2 - MODEM, ROUTER, LAN.]
NOTE: REMOTE PC, NMC PC OR LAN SERVER ALL CONFIGURED FOR REMOTE ACCESS SERVICES, SAY, USING WINDOWS 95 O/S.
6. THE COSTS
In Annex 6 the cost of a few of the items is given. These figures should be treated as merely planning figures. There is a need to collaborate with local computer vendors to obtain more up to date prices based on the specifications outlined herein. Software is the most difficult element to cost, mainly because most meteorological applications software is not available off-the-shelf.
7. TRAINING
A lot of emphasis must be placed on the training of staff who will maintain the system. NMCs must make every effort to provide their staff with at least the basics of computers. This will make the staff members benefit all the more when they attend other computer related courses. The Nairobi course on “The use of new technology for the exchange and processing of meteorological data and products” (RMTC, Nairobi, Kenya, 8-26 May 2000) was both opportune and excellent in content. But how much each individual course participant gained from the course must have depended on one's computer background. Time was definitely against “newcomers to cyberland”.
Many human resource developers at NMCs have a well placed fear that computer training is a financial drain to the Service, because staff often go for “greener pastures” elsewhere on successful completion of their computer training. While this is something the NMCs may have to live with, NMCs should keep on hoping that some of the more committed professionals will remain with the Service.
Donors who offer to provide components of the data handling system should be reminded of the fact that their help will give a more lasting service if the NMC staff is provided with the required maintenance expertise. That expertise must be provided through:
Complete and meaningful participation of local staff in the entire installation and system configuration process.
2-3 weeks on site training on the installed system to provide NMC with an 80-90% problem response capability.
Provision of a complete set of system maintenance and reference manuals.
8. CONCLUDING REMARKS
The application of new technologies in information communication is taking the world by storm. While high speed data transmission has made the Web service of the Internet such a glamorous one, high speed has also benefited the email and FTP Services. It is now possible to FTP huge graphics files very quickly.
The WMO wants a fast, cheap, secure and manageable data communication system and is therefore thrilled with the prospects of applying the Internet technology to its GTS network. However there are several constraining factors elaborated above, some of which are recapitulated here as follows:
Internet connectivity and data security
Performance of national telecommunication utilities
Cost effectiveness
Expertise
Evidently, an NMC cannot provide an accurate weather forecast based on erroneous data, just as correct late data is of little value to the forecaster.
Expertise is definitely a pre-requisite for anyone to benefit from high technology. So as operators in cyberspace trying to resolve the above constraints NMCs must strive to acquire the needed IT expertise. This needs to be strongly emphasised because without expertise NMCs may not make the most out of the ongoing information communication revolution.
However, it is felt that many NMCs are in a position to make a start, probably on two parallel roads to improve meteorological data communications; namely the GTS road and the Internet-technology-based road as follows.
The GTS Road
For a start an NMC can selectively implement RAS with some of the NMC's own national observing stations.
An NMC can establish an Ethernet TCP/IP based peer-to-peer LAN to which all GTS communication links can be connected and an AMSS and DBMS established.
The GTS LAN can thereafter be continuously enhanced by addition of application modules when resources become available.
The Internet Road
The starting point here is the establishment of a single user connection to the Internet via a local ISP.
Still using a single link to the ISP, whether by telephone line or a wireless link, an internal LAN can be built and configured for multi-user connection to the ISP.
When needs warrant and financial resources become available, additional Servers can be added to the internal LAN, e.g. Web Server, FTP Server, etc.
At any point in this migration process when resources permit, and when there is sufficient local expertise, the Internet LAN and the GTS LAN can be interconnected after a firewall, like "Protocol Isolation with Server Replication" or the Microsoft "Catapult", is installed to protect the GTS LAN.
While cyberspace experts continue to seek solutions to Internet communication problems, there is one of several major problems which only meteorological IT experts can solve, namely the availability of cheap PC-based meteorological application programs. This problem is likely to slow down the GDPS computerisation process in RA I. RA I needs the equivalent of CLICOM in the area of AMSS, Real Time or Near Real Time Database Management, Operational Weather Forecasting, etc.
Within RA I, there are definitely NMCs that have excellent in-house developed applications that can greatly assist other NMCs if they are properly documented and made available to them. Maybe there is a need to make in-depth investigations of the availability of such software within the relatively more advanced RSMCs/NMCs in RA I. Maybe ACMAD should be tasked to do this; after all, one of ACMAD's slogans is "Application Development is an Obligation".
Another area that requires emphasising is the telecommunication links, especially those that connect NMCs to RTHs. It is not good enough for RSMCs/RTHs to generate/store lots of data/products if these can not reach the NMCs. There is a need to have at least medium speed links to facilitate graphics transmission/reception. Also there is a need to have "dual routes" to resources so that when one route fails the second one can be used as an alternative route.
The training seminar on the Use of New Technology for the Exchange and Processing of Meteorological Data and Products (RMTC Nairobi, Kenya, 8-26 May 2000) was excellent in content, implementation logistics notwithstanding. It was rather painful to hear, at the final plenary session, that the next implementation of a similar seminar in RA I will be for French Speaking NMCs two years hence. RA I needs the communication expertise and the Nairobi seminar provided a great opportunity to acquire it.
For more than 3 years, DMC Nairobi had the ONLY DEC VAX 11/750 mini computer in Eastern Africa with no vendor support available within the region. But for all that time the system was kept running with no down time. DMC managed this because it had staff very well trained in that system's hardware and software. On the other hand, a Missir-Com/Vision system which has recently been installed at an NMC in RA I is experiencing problems and local staff are unable to solve even what may be simple problems. This is a rather unsatisfactory situation; NMCs require 80-90% local problem solving capacity.
ANNEX 1
THE BASIC NMC COMPUTERISED DATA HANDLING SYSTEM
[Figure: system layout under the headings INPUT/OUTPUT LINKS, AMSS, APPLICATIONS. Labels: RTH, MODEM, ROUTER, ASYNCHRONOUS, X.25/IP, LOCAL INPUTS, SCANNER, SATELLITE (PDUS PC, MDD PC); HUB; AMSS SERVER A, AMSS SERVER B (HOT STAND BY); DBMS/FTP SERVER A, SERVER B; VISION PC; PRINTERS.]
ANNEX 2
ZONAL OFFICE CONNECTION TO NMC
[Figure labels: REMOTE STATION - Type (e) PC, MODEM, Printers; TELEPHONE LINE; NMC OPTION 1 - MODEM, Type (c) PC, Printer; NMC OPTION 2 - MODEM, ROUTER, LAN.]
NOTE:
(i) REMOTE PC, NMC PC OR LAN SERVER ALL CONFIGURED FOR REMOTE ACCESS SERVICES, SAY, USING WINDOWS 95 O/S.
(ii) OPTION 1 CAN BE USED BY AN NMC WHICH DOES NOT HAVE AN AMSS/DBMS
ANNEX 3
THE DESIRABLE NMC COMPUTERISED DATA HANDLING SYSTEM
[Figure: system layout under the headings INPUT/OUTPUT LINKS, AMSS, APPLICATIONS. Labels: RTH, MODEM, ROUTER, ASYNCHRONOUS, X.25/IP, Zonal Offices MODEMS, NATIONAL CLOUD, DIAL-UP SERVER, SATELLITES (PDUS PC, MDD PC), COLOUR SCANNER; HUB; AMSS SERVER A, AMSS SERVER B (HOT STAND BY); DBMS/FTP SERVER A, SERVER B; CLIMAT PC, AVIATION PC, MEDIA PC, F/E/PREC PC, NWP W/STAT, PRINTERS, USERS; FIRE WALL, PROXY SERVER, eMAIL SERVER, WEB SERVER, FTP SERVER, INTERNAL WEB SERVER, USERS, ROUTER, TO INTERNET ISP.]
NOTE
LAN1 = GDPS LAN
LAN2 = INTERNET LAN
NATIONAL CLOUD = e.g. FRAME RELAY NET
ANNEX 4
THE MULTI-USER DIAL-UP INTERNET SYSTEM
[Figure labels: INTERNAL LAN with USER1 PC, USER2 PC, ... USER n PC, Printer and eMAIL SERVER; MODEM; ISP.]
ANNEX 5
ANNEX 6
ESTIMATED COST OF TYPICAL PACKAGES (US $)
Package                                     Hardware Cost      Extra Software Type
1. Minimum AMSS + DBMS                      35,000 - 40,000    ? ORACLE? Missir-Com
2. Minimum Applications-Vision              3,500 - 3,000      ? Missir-Com
3. RAS System                               4,000 - 5,000
4. Minimum Internet                         6,000 - 9,000
5. Regional Office Data Handling System     6,000 - 9,000      ? Messir-Vision
ANNEX 7
PC SYSTEM SPECIFICATIONS
System (a)
Intel Pentium or AMD Athlon Processor running at 700-800 Mhz; MB RAM; GB Hard Disk; 1.44Mb Floppy Disk Drive; CD-RW ROM; GB Magnetic Tape Cartridge Drive (For Back Up); 19” SVGA Monitor; UK Key board; Mouse; Win 2000 Professional
System (b)
Intel Pentium or AMD Athlon Processor running at 600-700mhz+NIC+Graphics Card; 256 MB RAM; 20 GB Hard Disk; 1.44Mb Floppy Disk Drive; CD-RW ROM; 19” SVGA Monitor; UK Key board; Mouse
System (c)
Intel Pentium or AMD Athlon Processor running at 500-700mhz with NIC; 128 MB RAM; 10 GB Hard Disk; 1.44Mb Floppy Disk Drive; CD-RW ROM; 17” SVGA Monitor; UK Key board; Mouse; Windows 2000 Professional; UPS + Surge Protector
System (d) - FILE SERVER
DUAL Intel Pentium or AMD Athlon Processor running at 800mhz+NIC; 512 MB RAM; 30 GB Hard Disk; 1.44Mb Floppy Disk Drive; CD-RW ROM (650 MB); 24 GB Magnetic Tape Cartridge Drive (For Back Up); 21” SVGA Monitor; UK Key board; Mouse; UNIX Operating System
System (e)
Intel Pentium or AMD Athlon Processor running at 500mhz; 64 MB RAM; 10 GB Hard Disk; 1.44Mb Floppy Disk Drive; CD-RW ROM; 17” SVGA Monitor; UK Key board; Mouse; Win 95; UPS + Surge Protector
System (f)
Intel Pentium or AMD Athlon Processor running at 700mhz; 128 MB RAM; 30 GB Hard Disk; DVD - ROM Drive; 1.44Mb Floppy Disk Drive; CD-RW ROM; 17” SVGA Monitor; UK Key board; Mouse; Win 2000 Professional; UPS + Surge Protector
System (g)
Intel Pentium or AMD Athlon Processor running at 700-800mhz; 128 MB RAM; 20 GB Hard Disk; 1.44Mb Floppy Disk Drive; CD-RW ROM; 24 GB Magnetic Tape Cartridge Drive (For Back Up); 19” SVGA Monitor; UK Key board; Mouse; UPS + Surge Protection
ANNEX 8
SOME OSI MODEL IMPLEMENTATIONS
NO.  TITLE          LAYER FUNCTIONS
7    Application    Interaction between network and application
6    Presentation   Encoding, conversion file format, data presentation
5    Session        Connecting, maintain communications security, logging, tracking
4    Transport      Structure of messages, delivery, some error checking
3    Network        Data routing, addressing and verification
2    Data Link      Transmission of data frames from node to node
1    Physical       Interface hardware, cabling, communic. medium
[Figure: implementations by OSI layer. NETWARE column labels: NetWare Shell, NetWare Core Protocol, NetBIOS Emulator, SPX (Transport), IPX. TCP/IP column labels: NFS, SNMP, FTP, TELNET, TCP, UDP, IP. Lower-layer labels: Ethernet, Token Ring, ARCNET, 802.3 + 802.2, 802.5 + 802.2, Others. Other labels: Application, W/Stat.]