Computing in the Physics Department, 2000 Bryan Wright April 13, 2001

Bryan Wright, April 13, 2001 - University of Virginia, galileo.phys.virginia.edu/~compfac/report/2000/report.pdf


Vital Statistics

Number of Users: 247
    Faculty: 57
    Senior Research Staff: 7
    Research Associates: 15
    Graduate Students: 59
    Majors: 81
    Staff: 28

Number of Computers: 220

Operating Systems:
    Number of Linux Computers:
        Counting clusters as single machines: 66
        Counting individual boxes: 92
        Desktop workstations: 36
        Laptops: 4
        Research group servers: 8
        Departmental servers: 8
        X terminals: 10
    Number of Windows Computers: 114
    Number of Macintosh Computers: 21
    Number of Computers with Other Operating Systems: 25

Average Logins per Day:
    Galileo: 112
    Mail Server (interactive): 70
    Mail Server (pop/imap): 3,270
    Computer Lab (Room 315): 70

Messages per Day through Mail Server: 3,010

Web Server:
    Visits per Day: 1,300
    Pages per Day: 2,430
    Hits per Day: 15,400

Pages Printed per Day: 847
Disk Space Backed Up (GB): 370

Departmentally-owned Computers: 150
Research Group Computers: 220


Figure 1: Computer Purchases, by Year, from Property Accounting Data (plot “Physics Department Computer Purchases”; x-axis: Year, 1975 to 2005; y-axis: Number of Computers, 0 to 80)

Introduction

In the following pages I’ll try to describe the current state of computing in the Physics Department. Because our computer facilities are constantly and rapidly changing, this report will necessarily be a blurred snapshot. As one indicator of this, consider figure 1, which shows the increasing number of computer purchases we’ve made during the last twenty years or so. (This data comes from the property accounting database, and does not yet include all information for the year 2000.)

Since our researchers purchase their own computers, it’s hard to say exactly how many computers are in service in the department at any given time. Computers are retired to the attic or the back of the lab, and sit there for years until they’re cannibalized or surplused. Based on a variety of observations, we estimate that there are about 220 computers in active use in the department.

• A door-to-door survey done two years ago, in preparation for possible year 2000 problems, counted about 250 computers, in or out of use.

• According to property accounting data, we’ve retained 262 of the computers purchased since 1995. Since five years is a reasonable lifespan for a computer, this probably puts an upper limit on the number of computers in service in the department.

• According to link status indicators on our network hubs and switches, there are 178 network devices turned on on a typical afternoon. This probably represents a lower limit, since some labs will have local hubs or masquerading clusters on private networks. Although some of the observed devices may be privately-owned network printers, experience indicates that there are relatively few of these, and the department’s public printers are all isolated on a separate network and so don’t appear in this count.

• Watching the local network for ARP requests on a typical afternoon, we see 222 unique MAC addresses associated with IP addresses on the physics subnets.
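The ARP-based count in the last bullet can be reproduced with a short script. This is an added example, not part of the original report: the capture lines are constructed in the style of `tcpdump -e -n arp` output, and the subnets and MAC addresses are documentation-range placeholders. It goes a step beyond the plain count by also listing IP addresses claimed by more than one MAC and MACs that speak for several IPs (for instance a masquerading gateway), since both skew the total.

```python
"""Passive host count from ARP requests (added example, constructed data)."""
import ipaddress
import re
from collections import defaultdict

# Constructed lines in the style of `tcpdump -e -n arp`. All addresses are
# documentation-range placeholders, not values from the report.
SAMPLE_CAPTURE = """\
14:02:11.101334 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.17, length 46
14:02:11.101900 00:00:5e:00:53:0a > 00:00:5e:00:53:01, ethertype ARP (0x0806), length 60: Reply 192.0.2.1 is-at 00:00:5e:00:53:0a, length 46
14:02:12.440021 00:00:5e:00:53:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.18, length 46
14:02:15.000812 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.40 tell 192.0.2.17, length 46
14:03:02.718455 00:00:5e:00:53:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 198.51.100.1 tell 198.51.100.5, length 46
14:03:02.902113 00:00:5e:00:53:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 198.51.100.1 tell 198.51.100.6, length 46
14:03:40.120007 00:00:5e:00:53:04 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.1 tell 203.0.113.9, length 46
14:04:09.553120 00:00:5e:00:53:05 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.18, length 46
14:04:30.000001 00:00:5e:00:53:06 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.77 tell 0.0.0.0, length 46
"""

# Placeholder for "the physics subnets"; the report does not list them.
MONITORED_SUBNETS = ["192.0.2.0/24", "198.51.100.0/24"]

# Source MAC from the link-level header, sender IP from the "tell" field.
ARP_REQUEST = re.compile(
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > \S+, ethertype ARP \(0x0806\), "
    r"length \d+: Request who-has .*? tell (?P<sender>\d{1,3}(?:\.\d{1,3}){3}),",
    re.IGNORECASE,
)


def arp_senders(capture_text):
    """Yield (mac, sender_ip) for every ARP request line; skip everything else."""
    for line in capture_text.splitlines():
        match = ARP_REQUEST.search(line)
        if not match:
            continue  # replies, other protocols, truncated lines
        try:
            sender = ipaddress.ip_address(match.group("sender"))
        except ValueError:
            continue  # malformed address in the capture text
        yield match.group("mac").lower(), sender


def build_inventory(capture_text, subnets):
    """Map each MAC to the set of sender IPs it used inside the given subnets."""
    networks = [ipaddress.ip_network(s) for s in subnets]
    mac_to_ips = defaultdict(set)
    for mac, sender in arp_senders(capture_text):
        # ARP probes use sender 0.0.0.0 and fall outside every subnet, so a
        # host that has not yet claimed an address is not counted.
        if any(sender in net for net in networks):
            mac_to_ips[mac].add(str(sender))
    return dict(mac_to_ips)


def ip_conflicts(mac_to_ips):
    """IPs announced by more than one MAC: replaced NIC, misconfiguration or spoofing."""
    ip_to_macs = defaultdict(set)
    for mac, ips in mac_to_ips.items():
        for ip in ips:
            ip_to_macs[ip].add(mac)
    return {ip: macs for ip, macs in ip_to_macs.items() if len(macs) > 1}


def multi_ip_macs(mac_to_ips):
    """MACs announcing several IPs: gateways, multi-homed hosts, aliases."""
    return {mac: ips for mac, ips in mac_to_ips.items() if len(ips) > 1}


if __name__ == "__main__":
    inventory = build_inventory(SAMPLE_CAPTURE, MONITORED_SUBNETS)
    print("unique MACs on monitored subnets:", len(inventory))
    for ip, macs in sorted(ip_conflicts(inventory).items()):
        print("IP seen with several MACs:", ip, sorted(macs))
    for mac, ips in sorted(multi_ip_macs(inventory).items()):
        print("MAC seen with several IPs:", mac, sorted(ips))
```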

Our department is currently composed of 57 faculty, 7 senior research staff, 15 research associates, 59 graduate students, 81 majors and 28 staff members, a total of 247 people. This means that, broadly speaking, we have about 1 computer per person. This is misleading, though, because the computers are unevenly distributed. Many faculty, for example, have a desktop computer and a laptop. Some even have a third computer at home, often an older machine that’s been semi-retired, used for dialup access. Finally, our total includes departmental servers and research lab data acquisition computers, which aren’t really associated with any single user.

Facilities

Computers in the Physics Department can be divided into several categories, based on the role they play. The most obvious type of computer is the desktop workstation (which we take to include laptops, too). Other groups include servers (for mail, printing, web and so forth), data acquisition computers, and the computers available in our teaching and semi-public computing labs. Below, I’ll give a relatively non-technical description of the facilities available in the department.

Almost all of our computers run one of four operating systems: Microsoft Windows, Apple’s MacOS, the various Unix derivatives (especially Linux) or DEC’s VMS. The department has settled on a dual standard (Linux or Windows) for servers and staff desktops, with standard configurations. Although we continue to support a wide variety of operating systems and configurations, we encourage others in the department to adopt these standards, too. Standardizing on two operating systems in well-known configurations makes maintenance and upgrades much easier, and allows us to provide better support in general.

For example, we currently support approximately 66 Linux computers, including 36 workstations, several Linux-based X terminals, four laptops, 8 research group servers (counting two clusters as two single computers), and 8 departmental servers (counting one cluster as a single computer). Most of these computers participate in a nightly update scheme that allows us to easily install security updates and other changes automatically. (See the following section, on Galileo.)

The other major operating system represented in our department is Microsoft Windows, in the forms of Windows NT, 95 and 98 mainly. We currently support approximately 114 Windows computers. Macintosh computers are the next largest group, with about 21 currently in service. Other varieties of Unix-like operating systems, including Ultrix, Digital Unix, HP-UX, Irix, etc., are represented by about 20 machines, in total. Finally, various research groups still have about five computers running DEC VMS, a reminder of the days when our department’s computing resources were almost entirely composed of VMS machines.

Figure 2: Schematic View of Galileo’s Hardware

Galileo

In 1997, our department used HEET funds to construct a Beowulf cluster, which we call “Galileo”. Our goal was to create a scalable, inexpensive solution to our department’s computing needs for the next several years. Galileo’s modular nature will allow it to grow as our needs change. We can add new nodes to meet increasing demand, and we can selectively upgrade the existing nodes, without necessarily investing in upgrades for the entire cluster. Since Galileo is composed of commodity components, it is inexpensive. By relying on standard, off-the-shelf components, we also ensure that parts will be available for future repairs and upgrades, and we know that we can re-use retired cluster components for other, less demanding purposes (as desktop computers or light-duty servers, for example).

Galileo performs many functions, a few of which are described below. It has become the central part of our department’s computing infrastructure.

Hardware

Galileo currently consists of 14 300 MHz Pentium II nodes, connected by a 100 Mbps switch. Each node has 128 MB of memory, with the exception of node0, which has 256 MB. Each node has a local IDE disk containing the operating system, and a second disk with 4 GB of scratch space. Node0 has a 200 GB RAID5 array containing users’ home directories, mail spool directories (which are shared with the departmental mail server, described below), and various locally-installed software. All communication between the cluster and the outside world passes through node0, via IP masquerading and port forwarding. Figure 2 shows Galileo’s topology.

Design Goals

Even though Galileo is cheap as supercomputers go, it still represents a large monetary investment for our department. Because of this, we’ve designed Galileo with the intent that almost everyone in the department will benefit from it in some way. Most supercomputing clusters are useful to only a few talented programmers, who know how to write parallel code that takes full advantage of the cluster. These users are only a small fraction of our user base. In designing Galileo, we’ve also kept in mind the average grad student or undergrad (or faculty member) who doesn’t want or need to spend time parallelizing code, but needs more computing power than that provided by our previous “compute server”, an IBM PowerServer 370 RS6000. Our intent was that everyone using the RS6000, in whatever capacity, would realize an immediate benefit by migrating to Galileo.

Fast Serial Performance

To satisfy the needs of these users, we’ve built Galileo from fast nodes and implemented a number of load-balancing schemes. Each node of Galileo is a PII-300 with 128 MB RAM. Various benchmarks show that a single node is from 1.3 to 2 times as fast as our RS6000. Thus, even users who use only a single node of the cluster will see improved performance.

Load Balancing

Performance is further improved by spreading the user load around the cluster. Galileo’s nodes communicate through an internal 100 Mbps ethernet network. One of the nodes has a second ethernet card, through which the cluster communicates with the outside world. This node acts as a firewall, mediating traffic into and out of the cluster. Incoming connections to selected services (currently telnet, ftp, http, ssh, rlogin, rsh and xdm) are automatically forwarded to the currently least-loaded node. For example, with twelve nodes in the cluster, each of the first twelve users who telnet into Galileo might find that he has an entire node all to himself.

Once a user has logged on to a cluster node, she is free to use other nodes as well. Security has been set up so that users can use other nodes transparently, without a password, through ssh. To help with load-balancing, we’ve written an application called “run”, which will execute a command on the currently least-loaded node. “Run” preserves the current working directory and the user’s current environment variables.

Thirdly, a system called “Mosix” provides load-balancing for each process on each node, without user intervention. Mosix allows processes to move to other nodes of the cluster automatically. When the Mosix system determines that performance could be improved by migrating a process to another node, it does so. As far as the user is concerned, the process still looks like it’s executing locally. The process may migrate around the cluster, running on several different nodes before it finishes. Mosix is installed on all of the Galileo nodes, and runs automatically, without requiring any special commands from the user.

Fast Parallel Performance

The features described above satisfy the needs of many of our users, but some users really do have large problems which require the full power of the cluster. To make this possible, we’ve built Galileo with fast network connections between nodes, and taken care that each node is well-designed for fast communication over that network. The computers which compose Galileo are connected in a star topology, centered on a 16-port 100 megabit per second ethernet switch. Since networking speed can be limited by memory bandwidth, each computer is built with SDRAM memory instead of the slower FPM or EDO memory.

We’ve also installed several software packages which make the task of writing parallel programs easier. These include PVM (“Parallel Virtual Machine”) and MPI (“Message Passing Interface”), two programming environments for parallel computing. A “High Performance Fortran” compiler (pghpf) is also available. High Performance Fortran is a dialect of Fortran with specialized features for use in parallel applications.

Software

We are fortunate to have many site-licensed software packages available at UVA. Among the site-licensed scientific and mathematical packages installed on Galileo are Mathematica, Maple and Mathcad. In addition to these, the department has purchased a single license for the Portland Fortran compiler suite. These commercial packages complement the large amount of non-commercial software (such as LaTeX and CERNLIB) also available on Galileo.

MS Windows Access to Galileo Home Directories

The home directories on Galileo are stored on a RAID array physically attached to node0 and NFS-mounted to all of the cluster nodes. In addition, these home directories are available outside the cluster to MS Windows users, making it easy for Windows users to move files back and forth between their desktop machines and Galileo. This is accomplished through a package called “Samba”. Through Samba, MS Windows users can access their home directories on Galileo as though they were disks on their local computers. Samba users are authenticated against our Windows NT domain controllers, avoiding the need for users to maintain two separate passwords.

Web server

Galileo also functions as a load-balanced web server for users’ personal web pages. It’s also used as the web server for several class web pages, for instructors who feel more comfortable working in a Unix environment than the Windows NT environment offered by our main departmental web server (see below).

Nightly Updates

Galileo is also the master controller for an extensive nightly update system, used by other Linux computers in our department. Each night Galileo distributes updated software and configuration changes to about 30 workstations and two subsidiary clusters (owned by research groups). These updates are very important, since they allow us to rapidly distribute remedies for security problems.

Backups

Galileo’s RAID array serves as one of two storage areas for nightly Unix backups. Backups of Unix servers and workstations around the department are done through rsync, which maintains a mirror of the remote system’s files and an archive of changes. Since we back up a total of about 150 GB of files, the load is distributed between Galileo and a second, dedicated backup server called Teleport. For more information about Teleport, see below.

Web

Because of the web’s phenomenal popularity, our web servers are an increasingly important channel of communication between the Physics Department and the rest of the world. People from other universities, in the US and around the world, are using the resources our department provides through the web. For many people, our web sites are the first look at the Physics Department and the University, so we try to make the best possible impression with our web documents.

Our department’s primary web server is a dual-processor 300 MHz PC running Microsoft’s Windows NT operating system and Microsoft’s IIS web server. The computer’s internet name is www.phys.virginia.edu. (This will always be the name of our primary web server, even if we replace the current computer with another machine in the future.) Primarily, two types of web pages are provided by this server: departmental information (maintained by computer support staff and departmental secretaries) and class web pages (maintained by instructors or TAs). In addition, this server provides Michael Fowler’s extensive (and very popular) “Galileo and Einstein” web site and Steve Thornton’s educational outreach site.

Figure 3: Main Web Page and Visits per Month for 2000 (plot “Visits per Month”; x-axis: Month, Jan to Dec; y-axis: 0 to 60000)

The departmental information pages on our primary server are all generated “on the fly” from data drawn from a central database. This database contains information about the people in our department, the telephones, the room assignments, course information, research interests and other data. Much of the information in the database can be entered or modified through web-based forms. Individuals have the ability to modify their own personal information through such a form. For security reasons, these forms are password-protected, and not even visible from computers outside the department.

During the year 2000, our web server saw a total of 476,699 visits during which 887,437 pages were viewed (i.e., about 2 pages per visit). The total hit count for the year was 5,623,635. Figure 3 shows the number of visits for each month of the year. The busiest month was October, and in figure 4 we show information about hour-by-hour usage during this month, and the distribution of browsers by domain. The distribution by domain gives a rough sense of who’s looking at our server. Note that most visitors come from the EDU domain, assigned to educational institutions in the US, including UVA. Local UVA users account for the majority of this, for about 1/3 of the total traffic. By looking at the log files in detail, we can see that most of the traffic from the COM and NET domains can be attributed to automated search engines, such as Google, Yahoo and AltaVista, which periodically index our site. The slice labeled “Unidentified” corresponds to computers whose domain name could not be determined by our web server. These are usually individual dialup users through small ISPs (e.g., “Mahanagar Telephone Nigam Ltd.”, of New Delhi).

The most popular pages are those maintained by our instructors for their classes. In particular, the most visited pages are Michael Fowler’s PHYS 109 and 252 classes and Rob Watkins’ 241e class. Note that this does not include statistics for Lou Bloomfield’s very popular “How Things Work” class (and separate web site for the book of the same name), since these pages are served by another computer. The How Things Work server alone sees over 2000 visits per day, more than the entire traffic seen by our main web server.

Figure 4: Detailed Web Server Statistics for October, 2000 (first panel: “Avg. Hits per Hour, October”, x-axis: Hour, 0 to 25, y-axis: 0 to 1400; second panel: distribution by domain, with slices UVa, Other EDU, COM, Unidentified, NET, CA/US/AU/UK, ORG, Other)

Galileo, our department’s Linux cluster (see above), also acts as a web server, and is available for class and research pages maintained by users who prefer to work in a Unix environment. We are phasing out our old Unix web server (called “Landau1” or “Erwin”) and will not be creating new web pages on it in the future. We will soon migrate to Galileo all services previously provided by Landau1. Once this migration is complete, the old Unix web server will be turned off and Galileo will answer to the names Landau1 and Erwin, in addition to its own name.

Mail

Our department’s primary mail server is a 120 MHz PC running Linux. It serves several roles: receiving incoming mail, sending outgoing mail to other computers, and allowing users to read their mail by various methods. This server’s name is “mail.phys.virginia.edu” and it has about 96 registered users, or about 64% of the total 151 users in our department who have a registered mail address in UVA’s LDAP database. The mail server also functions as a mailing list server, is capable of archiving mailing lists in a form accessible through the web, and runs a web and e-mail based call-tracking system for departmental computer support staff.

The first of the mail server’s many roles is that of SMTP server. SMTP is the protocol by which mail is transmitted over the internet. Incoming messages are received on behalf of the user to whom they’re addressed, and outgoing messages are directed to an appropriate computer elsewhere. The SMTP software on our mail server is “sendmail”, which is widely used for this purpose. SMTP servers are frequent targets of “spammers”: individuals or companies who send massive amounts of unsolicited e-mail to promote various products and services. Spammers typically disguise their address by relaying mail, without permission, through SMTP servers owned by others. To prevent the unauthorized use of our SMTP server, we’ve configured sendmail so that it refuses to relay messages that don’t originate from UVA. We’re also careful to keep up with the latest sendmail security updates, since flaws in sendmail have, in the past, allowed spammers to fool servers into relaying unauthorized messages. This is an important issue, since the University and our department risk being the target of lawsuits if our computers are used to send spam.

Once mail has been received by our server, users have a choice of several different ways to read it. To users who prefer a text interface, we offer a menu, shown in figure 5, that allows them to read their mail using Pine. Users can get to the menu by connecting to the mail server using Telnet or SSH. 38% of the mail server’s 96 registered users have used Pine to read their mail within the last month. The mail server also offers client-server based mail reading options, in the form of IMAP and POP services. These allow remote mail clients, such as Eudora, to read mail from the mail server. Finally, the server provides a web-based mail interface (see figure 6) that allows users to read their mail through any web browser, anywhere in the world. With the exception of POP clients, users can mix usage of these mail reading methods. [1] This is apparent from the following table, which shows the significant amount of overlap between the various mail access methods.

    Client    Usage, %
    Pine      38
    POP       44
    IMAP      47
    Web       38

[1] POP clients are the exception because they only have access to the user’s inbox on the server, and can’t see messages that have been filed in other folders. POP clients are also sometimes configured to remove mail from the server after it has been copied to the client computer. If this is the case, the mail is no longer available for viewing by other methods.

Some of our users have desktop computers capable of receiving mail directly, or group servers capable of performing the same functions as our primary mail server, and use these machines for their mail. Others have mail forwarded to accounts at labs elsewhere, such as Fermilab. Of our department’s 151 registered mail users, 21 (14%) receive their mail in this manner. Other mail server options include the University’s Central Mail Server (CMS), which serves 14 of our registered users (9%), and UVA’s unix.mail server, which also serves 14 (9%) of our users.

Our mail server delivered approximately 1.1 million messages during the year 2000. 44% of these were outgoing messages, with an average size of 16 kilobytes. Incoming messages had a slightly smaller average size of 14 kilobytes. Hourly usage data for a typical month is displayed in figure 7. Although these rates are small compared to the 1 million messages per day that flow through the University’s central SMTP server, we are reaching a level of usage that will require us to upgrade our mail server within the next few months. This will be done by replacing the existing server with another computer having approximately twice the speed. The replacement computer will be (like our current server) a re-used desktop computer.

    ======================================
    WELCOME TO THE UVA PHYSICS MAIL SERVER
    ======================================

    ***** Mail Server Menu ***** [x]

    P: Read Mail Using ‘‘Pine’’
    R: Change Registered UVA E-mail Address
    W: Change Password
    Q: Exit Menu System

    Your choice please==>

Figure 5: The Mail Server’s Command-Line Interface

Figure 6: The Mail Server’s Web Interface

Figure 7: Mail Server Usage (plot “Avg. Messages per Hour, Typical Month”; x-axis: Hour, 0 to 25; y-axis: 0 to 3500)

By maintaining our own departmental mail server, we are able to offer services that aren’t available to users of the CMS or Unix.mail. For example, we provide a mailing list management system called “eSquire” (see figure 8), which our secretaries and administrative staff use to manage the faculty, staff and other departmental mailing lists. This has been a very popular improvement that seems to have made life somewhat easier for the people who manage these lists. The eSquire interface allows administrators to quickly and easily add or remove addresses from the lists, and displays the lists in an easy-to-read way, with full names for each e-mail address, and alphabetized by last name. Our server is also capable of archiving the messages sent to mailing lists, so that they’re available through the web for later reference. See figure 9 for an example.

Figure 8: The Mail Server’s Mailing List Management Interface

Having our own mail server is beneficial in several ways. Most importantly, it allows us to offer services that would not otherwise be available because of access restrictions. For example, when a user forgets his or her password on our mail server, a member of the Physics computer support staff can reset it, but would be unable to do so if the user were using the CMS. In general, mail problems can be resolved much more quickly and easily when local support staff have privileged access to the mail server.

Maintaining our own mail server also allows us to easily offer mail services to groups and visitors. Local accounts can be created for visitors whenever necessary, without the need to go through University channels. We can also maintain accounts for users who have left the University, but are still collaborating with researchers in our department. The University regularly disables accounts for users who are no longer on grounds, unless a formal request is filed annually.

Finally, our mail server provides an e-mail and Web-based request-tracking system used by our computer support staff (see figure 10).

File Servers

We encourage MS Windows users in our department to store their documents on one of two Windows NT file servers. These servers are “Curie” (for faculty and staff use) and “Einstein” (for students). Each is a member of an NT domain called “physics”, and shares a common user database with other members of the domain. Each person in our department is given an account in the physics domain, and some storage space on one of the two servers. This space is accessible from a user’s desktop computer as though it were just another local disk. There are two advantages to storing files on one of the servers. First, the servers are backed up regularly, so that accidentally deleted files can be restored. Second, the files on these servers can be used from multiple locations. This means that users can have access to their files from other computers in the building, or from home via a dialup network connection.

Curie, the faculty and staff server, has 4 GB of space on its user disk. This disk is currently about 90% full, and is in need of an upgrade. Einstein, the student server, has a 9 GB user disk which is about 50% full at the moment.

Both Curie and Einstein are running MS Windows NT version 4. Within the next year we will decide whether to upgrade these computers to Windows 2000 or convert them into Linux servers. As Linux servers, these computers would appear no different to users, but would be easier to manage and update. There would also be some savings in software licensing costs. Converting these servers to Linux would open up the possibility of combining the accounts and home directory space of Galileo with those of Curie and Einstein. Having home directories on both Curie or Einstein and Galileo is confusing to some users.

In addition to home directories for users, Curie also provides storage space for a number of groups, most notably the administrative staff. This “Admin.grp” area is shared by the department’s administrative staff, and can be used to store files needed by several people.

Figure 9: The Mail Server’s Mailing List Archive

Figure 10: The Request Tracker Interface

Printing

The department provides several public printers, and maintains the network printers used in the department’s administrative offices. All of these printers are connected to a central print server, via a “printer network”, isolated from the general network (see the Networks section, below). Having these printers on an isolated network forces all print jobs to go through the print server, allowing us to do print accounting. Figure 11 shows data collected during the year 2000. While looking at figure 11, note that the hourly distribution of print jobs matches, broadly, our other daily work patterns, as displayed in figures 4 (web), 7 (mail) and 15 (computer lab).

Our busiest printers are the ones in room 315 (the departmental computer lab) and room 100 (the copier room). These printers are both HP LaserJet 8000s, with duplex units installed. Figure 12 shows page and job counts for each of the networked printers. The printer in room 315 (called “physics_315”) printed 25,000 jobs totaling 175,000 pages during the year 2000 [2]. Total paper usage, based on purchase information, was 170,000 sheets. The cost per page for jobs printed on physics_100 and physics_315 was 0.83 cents for toner and 0.46 cents for paper.

Other printers include those in the majors’ lab (room 216), the multipurpose lecture/lab room (room 22), the accounting office, a color LaserJet in the Chairman’s office, and a recently-added network printer in the first-year graduate office. A color deskjet was retired from another use and installed on a trial basis in the secretaries’ office near the end of the year.

Our print accounting system records usage statistics for each of these printers. Recorded data includes date, time, user, computer where the print job originated, and number of pages printed. We do not currently bill for printing, although we are considering the possibility. In order to bill for this service, we would first need to provide a mechanism allowing the user to specify a fund code at the time the job is printed. This is true because some print jobs can properly be billed to grants, while others should be paid for from departmental funds. We would also need to provide a way for undergraduates and first-year grads to print. Any solution we deploy would probably involve a per-user “print quota” plus a mechanism to charge print jobs to a fund code supplied at the time the job is submitted. There are a number of ways of doing this, and physics department computer staff are currently involved in a University project that will develop an ITC-supported solution to similar problems at other locations around grounds.

We have no count of the number of personal printers in our department, although their use is widespread. Since good-quality color inkjet printers have come down dramatically in price (costing on the order of $100.00) many of our users are purchasing them for their desktops. This creates two problems for computer support. First, a proliferation of many different printers scattered around the department is inherently more difficult to support than a few central well-known printers. Second, because of the federal Cost Accounting Standards, toner and ink cartridges are not allowable direct charges for research grants. This means that the department must pick up the cost of toner for all of these personal desktop computers. We estimate that, if current conditions continue, this will cost the department about $2,400 annually.

We’ve tried to address this in several ways. First, we’ve been encouraging our users to choose from a few recommended models when buying a printer. The variety of printers available in stores can be bewildering, and they cover a wide range of quality, so many people appreciate the recommendations made by computer support staff. Reducing the variety of desktop printers will make printer support somewhat easier, and it will also make it possible to buy toner and ink cartridges in bulk, reducing the cost imposed by CAS.

Second, we would like to increase the number of available central printers. We hope to get approval for a departmental color laser printer in next year’s budget. This would provide faster, better quality output than that available from inexpensive desktop color printers, and would satisfy a long-standing demand from our faculty. We have also already installed an additional networked printer in the first-year graduate offices.

Our print server is a Linux computer named “print”. The server runs a variety of the standard Unix network printing software, lpd. The specific implementation we’re using is called LPRng. We chose LPRng because it provided enhanced security features and print accounting. LPRng allows Unix hosts (and others that speak the lpd protocol) to send jobs to the print server’s queues. To accommodate Windows users, we have two other ways of submitting jobs. First, the print server runs Samba, a package that allows a Unix host to speak the Microsoft SMB file- and print-sharing protocol. Through Samba, Windows hosts can map print queues using the Microsoft protocol, by specifying a network printer path like “\\print\physics_315”. Samba is configured to require authentication before it will allow a printer to be used. Users who connect to the print server in this way are authenticated against Galileo’s user database via NIS. A second, and better, alternative is provided by our Windows NT primary domain controller, “Newton”. Newton is able to talk to the print server through the lpd protocol. Windows users who are already logged on to the physics NT domain can send print jobs through Newton to the print server’s queues without the need for additional authentication. This is convenient for users, since it doesn’t require an additional password, and Newton is also capable of automatically distributing the necessary Windows printer drivers to client machines when they first connect to a printer. This is something that the current version of Samba has not implemented.

[2] Note that our print accounting software counts “impressions” rather than actual sheets of paper. Both physics_315 and physics_100 are capable of two-sided printing, so our print accounting statistics are more a measure of toner usage than of paper usage for these printers.

Figure 11: Printer Statistics

Printer        Location                          Pages    Jobs    Pages per Job
physics_100    Copy Room                         96127    13349   7
physics_101    Deskjet in Secretaries’ Office    22       7       3
physics_102    LaserJet in Chairman’s Office     8060     873     9
physics_22     Room 22                           7680     2025    4
physics_112a   Accounting Office                 16292    5349    3
physics_216    Room 216                          3556     2494    1
physics_315    Computer Lab                      174899   25050   7
physics_107d   1st-year Grad Office              2496     689     4

Figure 12: Network Printer Usage

Networks

The network is very important to many of our researchers. The basic communication functions provided by e-mail and the world wide web are vital to all of our faculty now, since so much of our correspondence is electronic. The importance of the network is elevated for those researchers who rely on fast, reliable network connectivity to locations outside UVA. For example, the Pion Beta Decay group remotely manages a live experiment running at the Paul Scherrer Institut in Switzerland. From Charlottesville they can acquire and analyze data, and even control the beam line. Some of our researchers also need to transfer large amounts of data from remote labs. Another very useful service is provided by the various web-based preprint servers, such as the Los Alamos preprint archive.

The University’s connection to the internet is an OC-3 line, capable of 150 Mbps, provided by Sprint. A backup connection, consisting of 4 T1 lines of 1.5 Mbps each, is used when there are problems with the primary connection. The primary connection allows us to communicate both with the commodity internet and internet2, which provides high-speed communication between UVA and many other universities and government sites.

The network in the Jesse Beams Lab contains three subnets, with a fourth subnet assigned to the High Energy Physics (HEP) building. In the Jesse Beams lab, two subnets serve the older part of the building and one serves the new wing. The Jesse Beams Lab is connected to the University’s network through a 100 Mbps fiber link from a Cisco Catalyst 5509 multilayer switch in Gilmer hall. These fibers connect to a 24-port 10/100 Mbps switch in room 115, in the older part of our building. This switch connects to three 10 Mbps hubs (corresponding to the building’s three subnets) that provide service to wall jacks in the building. In the older part of the building, access to the wall jacks is provided by a patch panel that also distributes phone lines. Two cables are run from the patch panel to each wall outlet in the building, providing for one phone line and two ethernet lines (although none of these lines are necessarily activated). The cables are category 5 twisted pair. See figure 14 for a schematic view of the networks in the Jesse Beams Lab.

Network service to the new wing is provided by a fiber link from room 115 to a mechanical chase in that part of the building. The fiber link connects via a 10baseT/fiber transceiver plugged into one of the hubs in room 115, and a fiber/AUI transceiver connected to a very old David Systems hub in the mechanical chase. From there, a patch panel provides access to phone and network wall jacks, as in the older part of the building. We are in the process of installing a new switch and hub to replace the old hub. This should provide more reliable network service to the new wing.

Room 115 also serves as our “machine room”, housing the majority of our servers. These machines connect directly to the switch or to one of the hubs. A large uninterruptible power supply (UPS) provides backup power to the network hardware and the servers.

Recently, ITC has begun billing for active ethernet ports not associated with an active phone line. The charge for each such port is $5 per month, with a higher charge of $30 per month for ports that serve more than one computer. In order to avoid this charge, we have purchased two additional 24-port switches that are daisy-chained with our primary switch. Any network ports that would have been billable have been moved onto one of the new switches.

The subnets in the Jesse Beams lab have addresses 128.143.100.0 (basement and first floor of old building), 128.143.102.0 (second and third floor of old building) and 128.143.182.0 (new wing). The HEP building subnet is 128.143.196.0. Note that we have several isolated networks touching the general network. For example, as described above, the networked printers are isolated on their own network segment behind the print server, with an internal address of 192.168.101.0. The nodes of the Galileo cluster share the 192.168.100.0 network. Other clusters owned by two of our research groups have internal networks with the addresses 192.168.102.0 and 192.168.103.0. Although, in principle, there was no need to give all of these internal networks different addresses, I’ve done so in case we ever need to combine two or more of the networks into one.

The maximum daily average traffic on the 100 subnet last year was about 1 Mbps. Maximum for the 102 was about 3.8 Mbps, and the 182 was about 5.2 Mbps. The last figure is somewhat misleading, since it’s due to an unusual spike in usage in December. Omitting this spike, the maximum daily average for the 182 subnet is about 2.9 Mbps. See figure 13.

Figure 13: Network traffic on the Jesse Beams Lab Subnets

Figure 14: Schematic of Network Infrastructure in Jesse Beams Lab

Group Servers

Several of our research groups maintain servers of their own. These include file servers, web servers, print servers and CPU servers. Three of our research groups have Beowulf clusters of their own, separate from the departmental cluster, Galileo.

Some representative group servers are:

• Pocanic group
Dinko Pocanic’s group has its own Linux cluster, called “Dirac”. This is a 5-node cluster, modeled on Galileo, and is used for Monte Carlo simulations and data analysis. Each node has a 700 MHz AMD processor, 128 MB of memory and 120 GB of disk space. Node0 has an additional 128 MB of memory and an additional 80 GB of disk space.

The Pocanic group also has its own web server, “pibeta”, dedicated to the group’s pion beta decay project. It is a Linux computer running the Apache web server. The web content is a mirror of a similar machine at the Paul Scherrer Institut in Switzerland.

This group is currently in the process of retiring two DEC Alpha computers whose roles are now being filled by Dirac, Pibeta and several Linux-based workstations.

• Gallagher group and Jones group
Tom Gallagher’s research group uses a Linux-based group server named “Linus”. Members of the group use this computer for developing Fortran, C and C++ programs for simulations and data analysis.

The Jones group is in the process of purchasing a similar, but significantly faster, computer. Like Linus, this new machine will be used for simulations and data analysis.

• Minehart group
Like the Pocanic group, Ralph Minehart’s group has another cluster, called “Planck”. This cluster consists of twelve nodes, like Galileo, but without Galileo’s load-balancing software. Planck is used exclusively by Cole Smith, who uses it for large data analysis and Monte Carlo jobs related to his work at TJNAF. Both Planck and the Pocanic group’s Dirac cluster participate in the department’s centrally-managed Linux update system.

• HEP group
The High Energy Physics group maintains two powerful DEC Alphas running Digital Unix, a variety of workstations (mostly DEC hardware) and a Linux-based cluster. These CPU servers are used for the huge simulation and analysis tasks associated with the experiments in which this group is involved.

• Bloomfield group
Lou Bloomfield and his students use a Linux-based server named “Rabi” as a file and CPU server for their lab. Through Samba, Rabi provides a central storage facility for data collected by Windows computers in the Bloomfield lab. The group then uses Rabi’s computing power to analyze the data.

• Thacker group
Hank Thacker and his students share three Linux workstations which are used collectively for lattice gauge theory calculations. These calculations are highly CPU- and memory-intensive, and produce very large data files. Hank has recently upgraded one of the workstations by adding two 60 GB disks.

• FIR lab
The Far Infrared Receiver Lab has a Windows 2000 server, called “fir1nt”. This machine is a file and print server for home directories and applications used by people working in this lab. The lab includes several Windows and Mac computers that make use of the server.

Desktops

As noted in the introduction, the spectrum of operating systems represented on desktop computers in our department looks something like this:

Operating System   Number of Desktop Computers
Windows            114
Linux              36
Mac                21
Other              20

Most staff computers, including those in the accounting office, secretarial office and chairman’s office, are running Windows NT with a standard configuration that we’ve developed. All of these computers are 300 MHz or greater PCs with 19-inch monitors and disks of 10 GB or larger. These computers should be sufficient to meet the needs of users in these areas for at least the next two years. Notably, these computers satisfy the requirements of the Integrated Systems Project (ISP), phase one of which will be rolled out in the Summer of 2001. The ISP will replace the current University administrative systems used for accounting, payroll, grants management, and so forth, with an integrated suite of tools based on the Oracle database. Phase one of the ISP includes the financial components of the system, and will be used by the department’s accounting staff. Other phases, implementing other parts of the system, will be rolled out over the next several years, and will eventually be used by most of our administrative staff.

Because they were purchased by many people over many years, the desktop computers of faculty and students are much less uniform than those found on staff desktops. For example, consider the Windows desktop computers, which are the largest group, as shown in the table above. The operating systems on these computers include Windows 95, 98, NT, 2000 and ME, and they have nothing approaching a standard configuration. Macintosh users are similarly varied, with many versions of MacOS represented, and no standard configuration. Only the Linux computers are running a standard configuration and OS version. These are centrally maintained, as described in the section on Galileo, above. This sort of centralized management comes naturally to Linux (as it does to other varieties of Unix), but tools to provide similar services for Windows and MacOS have been long in coming, and do not yet appear stable enough for use in our environment.

Other operating systems represented on our desktops include various Unix-like operating systems (Ultrix, Digital Unix and HP-UX, for example), and VMS. The VMS machines are a remnant of the days when our department’s computers were almost exclusively VMS. For many years, beginning with a VAX 11/780 purchased in 1981, the Institute for Nuclear and Particle Physics (INPP) maintained a group of DEC VAX computers, running the VMS operating system, for use by its members. By 1990 INPP members owned ten VAXes, MicroVAXes or VAXstations. Users without desktop access to such a computer were served by four DECserver terminal servers and a web of terminal lines strung throughout the building. These computers and terminal servers were attached to a 10base5 backbone snaking from the first floor to the attic of the older part of the Jesse Beams Lab. (This was our original subnet, 128.143.26.0). None of these computers survive, but two Alpha/VMS computers, purchased later, are still in use by Donal Day and Blaine Norum. Both participate in collaborations which have standardized on VMS software, making it necessary for these groups to maintain VMS computers.

As noted above, we encourage the use of either Windows NT [3] or Linux on new desktop computers. We have developed an effective system for managing and updating Linux computers, and we are working, with the help of the ITC server group, to develop a standard Windows configuration. By reducing the diversity of desktop systems, we hope to reduce the number of problems people encounter, and make the resolution of remaining problems quicker and easier.

As is the case with printer supplies (see above), the new federal Cost Accounting Standards have complicated the issue of desktop computer purchases. The CAS rules do not allow desktop computers to be purchased solely with grant funds unless those computers are used solely for research. Computers purchased solely with grant money may not be used for other tasks, such as teaching, e-mail, grant proposal preparation, and so forth, which we typically associate with a general-purpose desktop computer.

The University’s Desktop Computing Initiative (DCI) adds another factor to the desktop equation, and may offer some help with the restrictions imposed by the CAS rules. The DCI program offers standardized computers for a not-unreasonable price, subsidized by the Dean’s office with University funds. Because of the subsidy, CAS rules allow these computers to be purchased with grant money, but still used for academic work (as long as the usage is proportional to the fraction of the cost paid). Note that this may be the only mechanism remaining through which our researchers can purchase a general-purpose desktop computer with grant money.

The standard DCI computer is a 600 MHz machine manufactured by Dell, with a 17-inch monitor, 128 MB of memory and a 10 GB disk drive. The price for each computer is $459.00, after the Dean’s subsidy.

Unfortunately, the DCI program has several limitations. First, machines bought through the program must be traded in after three years for new DCI computers. Exceptions to this will only be made with a Vice President’s approval. This means that, despite appearances, DCI computers are essentially obtained under a three-year lease, rather than an outright purchase. The DCI program is arranged this way to encourage regular replacement cycles for computers, and regular budgeting by departments for this replacement.

Secondly, there are a limited number of DCI subsidies. Our department currently has 45, 18 of which have already been committed as matching funds for a grant awarded to Steve Thornton for improving our teaching labs. Eleven additional computers have already been purchased by our faculty, and three for our staff. This leaves only 13 slots unassigned. So far, demand for DCI computers has been slight, but this could change as current desktop computers age and faculty members encounter the restrictions imposed by CAS on new computer purchases.

In the future, we must ensure that certain necessary electronic services are provided at the desktop of each faculty member. These services include e-mail, web browsing (together analogous to telephone service in the past) and document editing (analogous to the typewriter). Many faculty members would be well served by a “thin client” apparatus that would perform only these three functions. This would not completely meet the computing needs of other faculty members, who need the ability to do programming and run applications specific to their research, but all faculty members need access to at least these three minimum services, and most additional needs could be met by providing access to central computing resources.

[3] This will probably soon become a recommendation for Windows 2000. We don’t feel ready to make this recommendation yet, though, since the Integrated Systems Project is not ready for use on Windows 2000, and this would preclude the use of this operating system by our administrative staff.

Labs

The department supports three computer labs, of various types. Room 315 is a general-purpose computer lab, for Physics students, staff and faculty. Room 216 is a teaching lab, used for the intermediate physics lab course taught by Bascom Deaver. Room 22 is a lab-lecture room, used extensively during the summer by Steve Thornton and Richard Lindgren for educational outreach classes, and used during the semester for a variety of classes, including the mathematical methods course taught by Vittorio Celli and Julian Noble.

The general-purpose lab, room 315, currently contains 8 PCs and two X terminals. The PCs are 233 MHz Pentium II computers with 32 MB of memory, running Windows 95. Since these microcomputers are shared by many people, users cannot leave files on the local hard disk. Each time a new user logs in, or the computer is rebooted, the computer’s disk is resynchronized with an image which lives on a file server. Everything which doesn’t belong on the computer is erased, and anything which has been deleted from the standard configuration is restored.

In order to use these PCs you must have an account on our NT servers (there is no “guest” account). This allows us to track computer and printer usage on a per-user basis. Each user is assigned a home directory on one of the NT servers in which he or she may store files. These files are available from any lab PC that the user logs in to. After logging in, the user’s directory appears as drive “H:” on the PC, and can be used like any other drive.

The graphs in figure 15 are taken from data collected during 1998, showing lab usage statistics for room 315. The data include a total of 25,588 logins, over the course of 365 days, giving an average of 70 logins per day. Note that the hourly usage reflects the patterns shown earlier for web, mail and printer usage.

Figure 15: Usage Statistics for Room 315 (panels: Avg. Logins per Hour; Avg. Logins per Month)

Room 216, used for intermediate lab classes, houses five 200 MHz PPro PCs running Windows 95. These computers are used for data analysis and lab writeups (done with Microsoft Excel and Microsoft Word) and for data acquisition via two special hardware interfaces: a Pasco SCSI data acquisition device which can be controlled by a software package called Science Workshop, and a multi-channel analyzer card which is controlled by other special software.

Room 22, the general purpose teaching lab, currently has eight 75 MHz computers.
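The resynchronization step described above for the room 315 PCs, written out as an added example; it is not the department's own tool, whose mechanism the report does not describe. It brings a local directory back to a reference image by erasing files the image lacks and restoring or replacing files that are missing or changed. The directory layout and file names are constructed, and symbolic links are not handled.

```python
import hashlib
import os
import shutil
import tempfile


def digest(path):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256."""
    out = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = digest(full)
    return out


def resync(image_root, disk_root):
    """Make disk_root match image_root and report every change made."""
    image, disk = manifest(image_root), manifest(disk_root)
    report = {"erased": [], "restored": [], "replaced": []}

    # 1. Erase everything that does not belong to the standard configuration.
    for rel in sorted(disk.keys() - image.keys()):
        os.remove(os.path.join(disk_root, rel))
        report["erased"].append(rel)

    # 2. Drop directories left empty that the image does not contain
    #    (bottom-up, so nested leftovers collapse in one pass).
    for dirpath, _dirnames, _filenames in os.walk(disk_root, topdown=False):
        rel = os.path.relpath(dirpath, disk_root)
        in_image = os.path.isdir(os.path.join(image_root, rel))
        if rel != "." and not os.listdir(dirpath) and not in_image:
            os.rmdir(dirpath)

    # 3. Restore files that were deleted and replace files that were modified.
    for rel in sorted(image):
        if disk.get(rel) == image[rel]:
            continue
        dest = os.path.join(disk_root, rel)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        shutil.copyfile(os.path.join(image_root, rel), dest)
        report["replaced" if rel in disk else "restored"].append(rel)
    return report


def write_file(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed image and a lab disk after one user's session."""
    with tempfile.TemporaryDirectory() as tmp:
        image, disk = os.path.join(tmp, "image"), os.path.join(tmp, "disk")
        standard = {
            "autoexec.bat": b"@echo off\n",
            os.path.join("apps", "editor.ini"): b"font=10\n",
        }
        for root in (image, disk):
            for rel, data in standard.items():
                write_file(os.path.join(root, rel), data)
        # What the previous user left behind (all constructed):
        write_file(os.path.join(disk, "apps", "editor.ini"), b"font=72\n")  # modified
        os.remove(os.path.join(disk, "autoexec.bat"))                       # deleted
        write_file(os.path.join(disk, "games", "solitaire.sav"), b"data")   # extra
        report = resync(image, disk)
        matches = manifest(disk) == manifest(image)
        leftover_dir = os.path.exists(os.path.join(disk, "games"))
        return report, matches, leftover_dir


if __name__ == "__main__":
    print(demo())
```

Comparing by content hash rather than by timestamp means a file that was edited and then had its modification time reset is still replaced.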

E-Class

In the fall of 1998, Lou Bloomfield asked me if I could come up with a web-based way of managing his large How Things Work class. This is a very popular class, with a typical enrollment of 400 or so students. Lou particularly wanted to get away from handling paper. With a large number of students, printed homework and term papers could easily be lost, and students with missing assignments could argue that their work was turned in, but lost by the instructor or a grader. Lou envisioned a system that would accept the work electronically, then mail back a digitally signed certificate to the student. Students would be told to contact the instructor immediately if they did not receive a certificate. If the instructor later believed that the assignment hadn’t been submitted, it would be up to the student to submit the certificate for verification.

Over the following Christmas break, I cobbled together the first version of the system, written as Perl CGI scripts. Authentication was done through an Apache .htaccess file and data was stored in flat text files. Session state information was stored in cookies in the student’s browser. The homework certificates were generated by pgp. The system ran on a scrounged 120 MHz Pentium running Linux. The course ran successfully with this version of E-Class during the Spring semester of 1999.

From the beginning, E-Class has been a victim of “creeping featurism”. New features are constantly requested, and the original version, hastily put together in time for the coming semester, soon proved too difficult to modify. Because of this, I re-wrote the system during the summer of 1999. The new (and current) version of E-Class is still based on Perl, but this time in the context of Apache::ASP. Instead of flat text files, data is now stored in a MySQL database. The site now runs through a secure web server, constructed using mod_ssl. I’ve also managed to scrounge a better computer, a 300 MHz machine.

Although I’ve tried to avoid painting myself into corners, the system as it stands only addresses the needs of the “How Things Work” class. For example, it supports the submission of short-answer homework and term papers, but it currently has no support for multiple-choice or numerical answers, although it would be relatively easy to add these formats.

Some of my design goals when writing E-Class were to ensure that:

• All operations can be performed through the web interface, so no knowledge of programming languages or operating systems is necessary.

• The system is, as much as possible, independent of the hardware and operating system on which it runs, allowing it to be ported to other platforms if necessary.

• The system is secure. Since the system contains personal data (grades, social security numbers) it must be secure. The system is accessible only through ssh or the SSL-enabled web interface. No other access (such as telnet or ftp) is permitted.

• The pages are compatible with as many different browsers as possible. Any browser that supports HTML with tables should be able to view these pages. In particular, I’ve avoided Java, JavaScript and any plugins.

In January 2001 we began developing a new version of E-Class, using support from a University Teaching Technology Initiative (TTI) fellowship. The TTI program and ITC hope that the end result will be a useful addition to UVA’s web-based Faculty Instructional Toolkit. The new version will add support for other question types, question libraries, and many other features.
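The submission receipt described at the start of this section (accept the work, send back a signed certificate, verify it later if there is a dispute), as an added example that is not E-Class code. E-Class generated its certificates with pgp from Perl; this sketch substitutes an HMAC-SHA256 tag from the Python standard library, so only the holder of the server key can verify a receipt. The key, field names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real server would load its secret from protected storage.
SERVER_KEY = b"constructed-demo-key-for-illustration-only"


def canonical(body):
    """Serialize the receipt body deterministically so the tag is reproducible."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def issue_receipt(key, student, assignment, submission, received):
    """Build the certificate sent back to the student after a submission.

    The receipt binds who submitted, which assignment, when it arrived and a
    hash of the exact bytes received, so none of them can be altered later.
    """
    body = {
        "student": student,
        "assignment": assignment,
        "received": received,
        "sha256": hashlib.sha256(submission).hexdigest(),
    }
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_receipt(key, receipt, submission=None):
    """Check a receipt a student presents. Returns (ok, reason).

    If the student also presents the work itself, confirm that it is the
    same content the receipt was issued for.
    """
    if not isinstance(receipt, dict):
        return False, "malformed receipt"
    body, tag = receipt.get("body"), receipt.get("tag")
    if not isinstance(body, dict) or not isinstance(tag, str):
        return False, "malformed receipt"
    try:
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    except (TypeError, ValueError):
        return False, "malformed receipt"
    # Constant-time comparison: do not leak how many characters matched.
    if not hmac.compare_digest(expected.encode("utf-8"),
                               tag.encode("utf-8", "replace")):
        return False, "tag mismatch"
    if submission is not None:
        if hashlib.sha256(submission).hexdigest() != body.get("sha256"):
            return False, "submission does not match receipt"
    return True, "ok"


def demo():
    """Walk through a dispute using constructed sample data."""
    work = b"Q1: A heat pump moves heat against its natural direction of flow."
    receipt = issue_receipt(SERVER_KEY, "student42", "hw3", work,
                            "1999-02-01T10:15:00")
    # A receipt edited to claim an earlier arrival time keeps the old tag.
    backdated = {"body": dict(receipt["body"], received="1999-01-31T23:59:00"),
                 "tag": receipt["tag"]}
    return {
        "genuine": verify_receipt(SERVER_KEY, receipt, work),
        "backdated": verify_receipt(SERVER_KEY, backdated),
        "different work": verify_receipt(SERVER_KEY, receipt, work + b" (edited)"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```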

Backups

In the past, we’ve backed up the departmental computers by copying data across the network and writing it directly to tape. We’ve changed this recently by adding two large RAID arrays, which act as “backup caches”. All user data and vital configuration data on our Linux computers (desktop and server) and Windows NT servers is mirrored onto one of the two RAID arrays, attached to Galileo and Teleport, our primary backup server. Each of these arrays has a capacity of about 200 GB. The mirrors are updated each night, and copies of files that were modified or deleted since the previous day are stored in a backup directory. Over time, these backup directories grow, so we occasionally write old backup files to tape and remove them. Currently, there is no fixed schedule for this procedure, since we are still evaluating the system and haven’t yet determined an appropriate schedule. We had originally hoped to hold a month’s worth of deletia, but it appears that we may only be able to accommodate two weeks’ worth. To illustrate the problem, we note that deleted or modified files from Galileo’s home directories alone contribute on the order of 500 Megabytes to the backup directory each day. We can perhaps reduce the volume of deletia by better identifying temporary files that do not need to be backed up.

Because the mirrored data is stored on a RAID-5 array, it is protected against the failure of a single disk. The mirrored data is only in danger if two or more of the array’s disks fail simultaneously. In order for the system to actually lose data irrecoverably, at least three simultaneous disk failures would have to occur in two different computers: the original data, in the original computer, and two disks in the mirror computer’s RAID array. Only catastrophic events are likely to cause such a scenario. Unfortunately, our building has seen catastrophic events in the past, so we are taking precautions against even these. Since our building can clearly be divided into the “new wing” and the older part of the building, we have created the two mirror arrays described above. One of the two arrays mirrors computers in the older part of the building, and the other mirrors computers in the new wing. Both mirror computers currently live in the older part of the building, but we are making preparations to house one of them (the one mirroring the older part of the building) in the new wing. This will give us protection against catastrophic events that destroy one half of the building, but leave the other half standing.

Since we are mirroring such a large amount of data, we use “rsync” to synchronize the mirror with the original disks. Rsync keeps the mirror up to date by copying only the files that have changed on the original disk. This allows the mirror to be updated very quickly once it has been established. Although establishing the mirrors required several days, the nightly updates only require two or three hours. The two backup servers together keep mirrors of 54 servers and workstations.

Our goals in deploying the new backup system were several:

• To add redundancy
  All backup media have a non-zero failure rate. Our old backup system wrote one copy of each backed-up file directly onto tape. If a tape failed, because of a manufacturing flaw or dust or grit in the cartridge, the backup files on the tape were lost. The current system maintains the most recent backups on a RAID-5 array, where they are immune to the failure of a single disk.


• To reduce expense of backups
  With the old backup system, we spent approximately $2,000 annually for backup tapes. This is equal to the cost of the two RAID arrays in the new system. We expect these arrays to last for at least three years, and although we still use tapes to store older deletia, we can already see that we have greatly reduced the number of tapes required per year.

• To increase speed of backups
  With the old backup system, we found that full backups (done monthly) were taking about three days to complete. As backups take longer to complete, we run a larger risk of failing to back up files created while the backup was in progress. The new system, using rsync to synchronize a mirror copy with the original, reduces the time to a manageable value.

• To ease restoration of files
  Reading data from backup tapes is a slow process. This is compounded by the fact that users who have accidentally deleted files often don’t know exactly when the files were deleted, possibly requiring support staff to search through many backup tapes to find the missing files. The new backup system keeps backups on disk, where they can be found with much less effort.

• To ease evaluation of backup quality
  Without reading through each backup tape (a task that could take several days under the old system), it’s hard to have confidence that your files were successfully backed up. With the new system, it’s much easier to do spot checks to see if backups are succeeding.

• To reduce maintenance time
  Since tapes need changing less often under the new system, the backup system maintenance time is greatly reduced. Given large enough arrays, and a decision to delete backups older than a given cutoff date, the system could be made virtually maintenance-free for several years. We have not decided to pursue this route, but it may become attractive in the future.

As the price/gigabyte of disks continues to drop, we expect the expense of backups to grow. We currently back up 150 GB of files from departmental servers and 220 GB of files from research group desktops and servers. With memory prices of about $2 per GB, our researchers are typically buying disks with 20 - 80 GB capacities. It’s obvious that, if we stick with a centralized backup scheme, our backup system will need to grow rapidly.

We are pursuing two remedies for this situation. First, we would like to begin the practice of billing researchers for backup services. The rate would be arrived at by looking at the cost of equipment (disks, computers), supplies (tapes) and man-hours. We estimate that the total cost of backup services this fiscal year will be approximately $3,900. The total amount of data backed up is about 370 GB, so we would need to charge approximately $11 per GB per year to cover the cost of backup services. Currently, the most backup capacity taken up by any single research group is 90 GB. Using the $11 rate, this group would be billed $990 per year for backups.


As a second approach to reducing the backup burden, we are encouraging researchers to buy additional disks when purchasing a new computer. Ideally, they should purchase three times as many disks (of equal size) as they will need to store their data. Since disks are relatively cheap now, this doesn’t add much to the price of the computer. These additional disks can be used to set up a “delayed mirror” of the user’s data, and a cache of recoverable deleted files. Mirroring to a second disk, internal to the computer, has several advantages. It’s fast (much faster than tape or network backups), it works even for computers that are disconnected from the network, it reduces the traffic on our network, and it requires no user intervention. It’s also cost-effective for the research group. For example, a local backup system with a 90 GB capacity would have a one-time cost of about $500, compared to the $990 per year cost of centralized backup. Most importantly, it’s scalable, since it allows the necessary additional backup capacity to be purchased along with a new computer.

There are disadvantages to local backup systems, though. The major disadvantage of internal backups is the lack of protection in case the entire computer is lost, through theft or fire, for example. A local backup system also has a limited capacity for storing old versions of files. With the current centralized backup system, older files are written to tape before they are deleted from the backup servers’ RAID arrays, making it possible to recover files from far in the past. An internal backup system only allows for the recovery of recently-lost files (4 days to one month, on the systems we’ve set up so far). Even with these limitations, local backup systems have many advantages, and offer an alternative for those researchers who would like to opt out of the centralized backup system if we begin billing for the service. We’ve implemented such systems on Linux computers owned by three of our research groups, and on several of the departmental NT servers (where the local backup system provides an extra backup, independent of that provided by the departmental backup server).
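The nightly mirror with its directory of deletia, and the local “delayed mirror” with its cache of deleted files, follow the same pattern, shown here as an added example that is not the department’s own scripts. It uses Python’s standard library in place of rsync and a tar file in place of the tape; all file names, dates and the 14-day window are constructed for the illustration.

```python
import filecmp
import shutil
import tarfile
import tempfile
from datetime import date, timedelta
from pathlib import Path


def files_under(root: Path) -> set:
    """Every regular file below root, as paths relative to root."""
    return {p.relative_to(root) for p in root.rglob("*") if p.is_file()}


def nightly_mirror(source: Path, mirror: Path, deletia: Path, today: date) -> dict:
    """Update mirror from source; park replaced or deleted files in deletia/<today>/."""
    stats = {"copied": 0, "parked": 0}
    mirror.mkdir(parents=True, exist_ok=True)
    wanted, present = files_under(source), files_under(mirror)

    def park(rel: Path) -> None:
        dest = deletia / today.isoformat() / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(mirror / rel), str(dest))
        stats["parked"] += 1

    for rel in sorted(present - wanted):      # deleted on the original disk
        park(rel)
    # Remove directories that parking left empty, deepest first.
    for d in sorted((p for p in mirror.rglob("*") if p.is_dir()), reverse=True):
        if not any(d.iterdir()):
            d.rmdir()
    for rel in sorted(wanted):
        src, dst = source / rel, mirror / rel
        if dst.is_file():
            if filecmp.cmp(src, dst, shallow=False):
                continue                      # unchanged: nothing to transfer
            park(rel)                         # modified: keep yesterday's version
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        stats["copied"] += 1
    return stats


def archive_and_prune(deletia: Path, tape: Path, today: date, keep_days: int) -> list:
    """Tar up deletia/<date> directories older than keep_days, then delete them."""
    cutoff = today - timedelta(days=keep_days)
    done = []
    if not deletia.is_dir():
        return done
    tape.mkdir(parents=True, exist_ok=True)
    for day_dir in sorted(deletia.iterdir()):
        try:
            stamp = date.fromisoformat(day_dir.name)
        except ValueError:
            continue                          # not one of our dated directories
        if day_dir.is_dir() and stamp < cutoff:
            with tarfile.open(str(tape / f"{day_dir.name}.tar.gz"), "w:gz") as tar:
                tar.add(str(day_dir), arcname=day_dir.name)
            shutil.rmtree(day_dir)            # only after the archive is closed
            done.append(day_dir.name)
    return done


def demo() -> dict:
    """Run constructed nights on a throwaway tree and report what ended up where."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        home, mirror, deletia, tape = (root / n for n in ("home", "mirror", "deletia", "tape"))
        (home / "alice").mkdir(parents=True)
        (home / "alice" / "thesis.tex").write_text("draft 1\n")
        (home / "alice" / "scratch.dat").write_text("temporary\n")
        night1 = nightly_mirror(home, mirror, deletia, date(2001, 4, 1))
        # Next day: one file is edited and one is deleted by mistake.
        (home / "alice" / "thesis.tex").write_text("draft 2, with more text\n")
        (home / "alice" / "scratch.dat").unlink()
        night2 = nightly_mirror(home, mirror, deletia, date(2001, 4, 2))
        parked = deletia / "2001-04-02" / "alice"
        result = {
            "night1": night1,
            "night2": night2,
            "old_version": (parked / "thesis.tex").read_text(),
            "undeleted": (parked / "scratch.dat").read_text(),
            "mirror_now": (mirror / "alice" / "thesis.tex").read_text(),
        }
        # Fifteen days later the parked files fall outside the two-week window.
        result["archived"] = archive_and_prune(deletia, tape, date(2001, 4, 17), 14)
        result["tapes"] = sorted(p.name for p in tape.iterdir())
        result["deletia_left"] = sorted(p.name for p in deletia.iterdir())
        return result


if __name__ == "__main__":
    print(demo())
```

With rsync itself, the parking step corresponds to its `--backup` and `--backup-dir` options used together with `--delete`.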


Security, Privacy and Abuse

As we rely more on the network, privacy and data security become more important issues. Security problems that have arisen in the past include:

• In 1997, we received calls from a vendor, complaining that one of our users had written a program to automatically submit entries to a contest the vendor was running. A bug in the program caused it to submit these entries at a very high rate, which caused repeated crashes of the vendor’s web server. We located the offender and stopped the program, but not before the vendor had registered a complaint with the office of the president of the University.

• In 1999, after reporting a breakin attempt from a Canadian university, we were contacted by the Mounties (!) and asked to supply log files to be used as evidence in the trial of a suspect they’d arrested in a related case.

• Later in the same year, the University was contacted by law enforcement officials after several hundred people received e-mails as part of a credit card scam. The scheme involved the use of an official-looking web form, asking for credit card information. The form then used a general-purpose CGI e-mail script on one of our department’s servers to mail the information to an address in Russia. We supplied the FBI with log files documenting the event, and shut down the CGI script that had allowed it.

• In 2000, we saw the appearance of a widespread virus called “the Love Bug”. The virus spread by e-mail around the world, and was widely propagated around UVA. Our department was well-protected, but we still saw several infections. Other departments, particularly those which used MS Outlook (on which the virus thrived) as their standard mail program, were hit much harder.

• Also in 2000, a hacker broke into one of our computers and (among other things) sent a disturbing e-mail, in the name of one of our users, to someone at TJNAF.

These incidents are all clearly quite serious, and any of them could lead to legal problems or financial liability for our department. We have put much effort into improving security during the past few years, and we’ve seen a dramatic reduction in the number and severity of incidents.

Computer abuse in our department is usually in the form of virus infections, breakins or breakin attempts. Virus infections are primarily a problem for computers running Microsoft Windows (we have also seen a few Mac infections), and breakins or breakin attempts are primarily a problem for computers running Linux and other Unix variants. Figure 16 shows that activity related to breakins first appeared in 1997, rose dramatically in 1998, and has declined steadily since then. We attribute the decline to the fact that our standard Linux configuration, featuring a number of security-enhancing features, is now well-established. Virus activity appears earlier (1995 is the first year for which we have records, but viruses were seen in our department well before that), but it shows a sharp decline since 1999, reflecting our deployment of a centrally-managed anti-virus package (Norton AntiVirus, for which the University has a site license).


[Figure 16 panels: “Breakins or Breakin Attempts” and “Viruses”; horizontal axis: Year, 1995 to 2001.]

Figure 16: Number of days on which security-related events were recorded. (Snapshot taken April 10, 2001.)

Although our department has dealt well with computer abuse issues in the past, we have few written policies. Computer abuse has become a complex topic, with legal and ethical components. For reasons of clarity, consistency, and fairness, we are working to draft a set of security, privacy and abuse policies for computer systems in the department. The University has recently approved a statement of “Responsibilities for Computing Devices Connected to the University of Virginia Network” [4], and ITC is drafting a privacy policy [5]. The Physics department may want to use these documents as a basis for our departmental policies. Since the Governor has indicated that improved data security is a state-wide priority, ITC has appointed a Director of Security, and will be concentrating much effort in this area in future.

Abuse cases are brought to the attention of Physics Department computer support staff in a variety of ways. Frequently, the UVA postmaster or another member of UVA’s abuse team contacts us when they become aware of a problem. Our departmental web page now displays an address ([email protected]) to which abuse reports and questions can be addressed.

Although we don’t yet have a written policy controlling the dissemination of user data or log file information, our unwritten rule has been to give out as little information as necessary. For example, we extract only the relevant sections of log files, and edit out unnecessary user and machine names before giving them to anyone. This is as much for security reasons as for reasons of privacy. ITC’s draft privacy policy is much more cautious, requiring an actual search warrant before log files can be released to law enforcement, government officials or others outside the University community.
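One way to apply the “relevant sections only, names edited out” rule to a log excerpt, as an added example rather than the department’s own procedure. The syslog lines, host and user names, and the 192.0.2.17 address are constructed; the lists of local users and machines are assumed to be supplied by support staff.

```python
import re
from datetime import datetime

# Constructed sample lines in classic syslog layout. Hosts, users and the
# 192.0.2.17 address (a documentation range) are invented for this example.
SAMPLE_LOG = """\
Apr  3 02:13:55 hub1 sshd[811]: Accepted password for mjones from pc07.example.org port 1022
Apr  3 02:14:07 hub1 sshd[812]: Failed password for root from 192.0.2.17 port 4022
Apr  3 02:14:09 hub1 sshd[813]: Failed password for jsmith from 192.0.2.17 port 4023
Apr  3 02:14:30 files2 sshd[420]: Failed password for jsmith from 192.0.2.17 port 4101
Apr  3 09:30:00 hub1 sshd[990]: Accepted password for jsmith from pc07.example.org port 1044
""".splitlines()

LINE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<rest>.*)$")


class Pseudonyms:
    """Hands out stable stand-ins (user-1, host-2, ...) so events stay correlatable."""

    def __init__(self, names, label):
        self.label, self.table = label, {}
        # Longest names first, so a full host name wins over its short form.
        ordered = sorted(set(names), key=len, reverse=True)
        alternation = "|".join(re.escape(n) for n in ordered)
        self.pattern = (
            re.compile(rf"(?<![\w.-])(?:{alternation})(?![\w-])") if ordered else None
        )

    def _swap(self, match):
        name = match.group(0)
        if name not in self.table:
            self.table[name] = f"{self.label}-{len(self.table) + 1}"
        return self.table[name]

    def apply(self, text):
        return self.pattern.sub(self._swap, text) if self.pattern else text


def extract_for_release(lines, year, start, end, address, users, hosts):
    """Return (redacted_lines, key).

    Only lines timestamped inside [start, end] that mention `address` are kept;
    in those, local user and machine names are replaced by pseudonyms.
    """
    needle = re.compile(rf"(?<![\d.]){re.escape(address)}(?!\d)")
    user_map, host_map = Pseudonyms(users, "user"), Pseudonyms(hosts, "host")
    released = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # unparseable lines are withheld, not leaked
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if not (start <= when <= end) or not needle.search(m["rest"]):
            continue
        released.append(f"{m['ts']} {user_map.apply(host_map.apply(m['rest']))}")
    # The key never leaves support staff; it lets them answer follow-up questions.
    key = {**host_map.table, **user_map.table}
    return released, key


def demo():
    """Release one hour of constructed log lines about a single remote address."""
    return extract_for_release(
        SAMPLE_LOG, 2001,
        datetime(2001, 4, 3, 2, 0), datetime(2001, 4, 3, 3, 0),
        "192.0.2.17",
        users=["jsmith", "mjones"],
        hosts=["hub1", "files2", "pc07.example.org", "pc07"],
    )


if __name__ == "__main__":
    redacted, mapping = demo()
    print("\n".join(redacted))
    print(mapping)
```

Names that are not on the supplied lists pass through unchanged, so the output still needs a read-through before it is handed over.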

[4] See http://www.itc.virginia.edu/policy/Policies/netdevices
[5] See http://www.virginia.edu/abuse/info.html


Here are a few of the procedures we use for protecting the privacy of information:

Physical security

Our server room contains all of the servers owned by the department (but not those owned by individual research groups). This includes Galileo (our Beowulf cluster), our mail server, our web server, several file servers, a print server, and various other servers, including our backup system. Backup tapes are either left in the server room or taken home by computer support staff for off-site storage. The room also contains our network hubs and switches and the building’s phone punch blocks. This room’s lock requires a key that isn’t available to anyone except computer support staff and the Director of Laboratories (Rick Marshall). Also, the room can only be entered through an outer room that’s on a different key, and is occupied during the day on weekdays.

Administrative offices (secretarial, accounting and chairman) are accessible after hours only to the people who work there and (except for the chairman’s office) by computer support staff.

In contrast to this, access to faculty offices and research labs is quite open. The faculty have master keys that allow them access to the labs and offices of all other faculty.

Software security

As noted earlier, we are settling into a dual standard (Linux or Windows) for servers and desktop computers in our department. That gives us two operating systems on which we have to worry about data security.

On the Linux side, the first line of defense is a standard configuration, updated nightly. The nightly updates allow us to install security fixes rapidly. Other security measures on these machines include:

• Log files are accessible only to root.

• User mail files are accessible only to the user and to root.

• Unnecessary services are turned off.

• A script runs every hour to check the integrity of various system files; it automatically repairs damaged files and mails me a detailed report on the state of the machine at the time the incident occurred.

• “Portsentry” runs on each of these machines, looking for port scans and automatically blocking off offending machines, using ipchains.
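The hourly check, repair and report cycle in the list above could look like the following; this is an added example, not the script the department runs. The SHA-256 baseline, the vault of known-good copies, the quarantine directory for altered files and every file name are assumptions made for the illustration, and the report is composed but not sent.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime
from email.message import EmailMessage
from pathlib import Path


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_baseline(watched, vault: Path) -> dict:
    """Record a digest for each watched file and keep a known-good copy in vault."""
    vault.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for path in watched:
        digest = sha256_of(path)
        shutil.copy2(path, vault / digest)    # content-addressed: name is the digest
        baseline[str(path)] = digest
    return baseline


def check_and_repair(baseline: dict, vault: Path, quarantine: Path, now: datetime) -> list:
    """Compare each file with its baseline; keep the evidence, then restore."""
    findings = []
    for name, good in sorted(baseline.items()):
        path = Path(name)
        if not path.is_file():
            state = "missing"
        elif sha256_of(path) == good:
            continue
        else:
            state = "modified"
        finding = {"file": name, "state": state, "evidence": None, "repaired": False}
        if state == "modified":
            # Preserve the altered file (with its timestamps) before overwriting it.
            quarantine.mkdir(parents=True, exist_ok=True)
            kept = quarantine / f"{now:%Y%m%dT%H%M%S}-{path.name}"
            shutil.copy2(path, kept)
            finding["evidence"] = str(kept)
        source = vault / good
        # Never restore from a vault copy that no longer matches the baseline.
        if source.is_file() and sha256_of(source) == good:
            path.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(source, path)
            finding["repaired"] = True
        findings.append(finding)
    return findings


def build_report(host: str, findings: list, now: datetime, to_addr: str) -> EmailMessage:
    """Compose (not send) the message an hourly job would hand to the local mailer."""
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = f"[integrity] {host}: {len(findings)} file(s) changed at {now:%Y-%m-%d %H:%M}"
    lines = [f"{f['state']:9} {f['file']} repaired={f['repaired']} evidence={f['evidence']}"
             for f in findings]
    msg.set_content("\n".join(lines) or "no changes")
    return msg


def demo() -> dict:
    """Constructed files stand in for system files; one is altered, one removed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        etc, vault, quarantine = root / "etc", root / "vault", root / "quarantine"
        etc.mkdir()
        (etc / "inetd.conf").write_text("# all services off\n")
        (etc / "hosts.allow").write_text("sshd: 192.0.2.0/24\n")
        (etc / "motd").write_text("welcome\n")
        baseline = make_baseline(sorted(etc.iterdir()), vault)
        (etc / "inetd.conf").write_text("# altered outside the nightly update\n")
        (etc / "motd").unlink()
        now = datetime(2001, 4, 10, 3, 0, 0)
        findings = check_and_repair(baseline, vault, quarantine, now)
        report = build_report("testhost", findings, now, "root@localhost")
        return {
            "states": {Path(f["file"]).name: f["state"] for f in findings},
            "all_repaired": all(f["repaired"] for f in findings),
            "restored": (etc / "inetd.conf").read_text(),
            "evidence": Path(findings[0]["evidence"]).read_text(),
            "subject": str(report["Subject"]),
            "second_pass": check_and_repair(baseline, vault, quarantine, now),
        }


if __name__ == "__main__":
    print(demo())
```

Keeping the altered file before restoring matters for the kind of follow-up described earlier in this section, where log files were later requested as evidence.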

On the Windows side, things are a little less organized. Although we’re starting to deploy a standard configuration based on ITC’s “Premium Desktop” installation, we’re not nearly as far along with that as we are on the Linux side. Although we’re installing a standard configuration on the machines set up by our computer staff, there are some computers that never pass through our hands. There’s no requirement that our researchers go through us when purchasing or configuring a computer. When we do set up a computer, we typically err on the side of too much security, rather than too little. We find that users of our “standard” Windows machines often complain of being unable to install software, or unable to even run Netscape properly, because of security restrictions. It’s not clear that there’s a good solution for this problem yet. Many Windows applications seem to want greater privileges than should really be required for them to function. When these issues come up, we make changes as administrator, or change permissions as much as is needed to make things work.

Other NT security measures:

• Each user in the department is assigned a home directory on one of our NT file servers. This provides a secure, backed up area for the users’ files.

• We have two NT file servers, one for students and one for faculty and staff. This provides a small extra measure of security for sensitive material handled by staff and faculty.

• We don’t allow “guest” accounts. At worst, we have a few “lab” accounts, for research groups with shared computers in a research lab. Users are encouraged to log on as themselves, even on Windows95/98 machines, because logging on gives them access to their home directory and to the department’s public printers.

Because of the privilege issues mentioned above, some users are given administrative privilege on their workstations. No one except computer support staff has administrative privilege on the NT servers, however.

Our department has a “watchdog server” that keeps an eye on various things, including the hub stacks that serve most of the department. This has proven useful in cases where someone believed that an unauthorized person was using a computer after hours. After the first such incident, we set up a hub statistics log on the watchdog server to record traffic statistics for 24 hours. When the second case came up, we were able to look at the log and show that the computer hadn’t been turned on during the night. This data isn’t available to anyone except computer support staff.

Sensitive Data

Below, we list some of the types of sensitive data present in our department, and the steps we have taken to protect it.

• Social Security Numbers (SSNs)
  Although students may choose to have a different number as their student ID, most use their SSN, so most student records contain SSNs. Because of its wide use, this piece of sensitive data is the most difficult to protect. We have taken precautions with paper data (see below) and require passwords for access to administrative files containing SSNs on our servers.

• Financial information


– Tuition & Fees
  Tuition & fees payments are handled through UVA’s “ISIS” system, and a “secure card” is required for access. This card is an electronic device that produces a string of characters which must be supplied, along with a password, to gain access to the tuition and fees portion of the ISIS system.

– Payroll
  Fellowships are also handled through ISIS, and require secure card access. Student, classified and faculty payroll are handled through paper documents, which are kept in a secure area requiring a special key.

– Budgets & financial reports
  These documents are stored in the chairman’s office, accounting office and the office of the director of laboratories. Each is a secure area accessible through a special key available only to authorized personnel. Working copies of the documents are stored in electronic form on one of our file servers. Access to these electronic documents is restricted, by password, to authorized personnel. Paper copies are also maintained, and stored in locked cabinets in these rooms. In addition to the regular server backups, the electronic copies are backed up by hand from time to time, by copying them on to a computer in the chairman’s office.

– Accounting Information
  All accounting information is kept in electronic form, although some is duplicated in paper documents. Doors to the accounting office are locked when the office is unattended, and require a special key available only to authorized personnel. All paper documents are stored in locked cabinets. Electronic documents are stored either on computers in the accounting area or on one of the departmental file servers. The documents residing on the file server are protected, by password, from unauthorized access.

• Personnel records
  Faculty and staff personnel records are kept as paper documents and stored in secure areas, accessible through a special key available only to authorized personnel.

• Student records
  Department staff keep copies of students’ grade records on file in the form of paper documents. These documents are stored in secure areas, accessible through a special key available only to authorized personnel.

• Exams
  Members of our secretarial staff sometimes type up exams for our instructors. These documents are stored electronically: on diskettes, local disks or one of our file servers. Access to the area containing the secretarial workstations (and any diskettes) is restricted by a special key available only to authorized personnel.

• Faxes
  The accounting department has its own fax machine, which resides in a secure area.


• E-mail
  E-mail messages sometimes contain personal data. For example, one member of our staff sometimes handles visa applications for foreign students, which often requires the communication of sensitive data via e-mail. Although people in our department use a wide variety of e-mail systems, departmental staff store all e-mail on one of our file servers and generally do not make paper printouts. Access to the mail messages on our server is password-restricted.


Staff

There are currently two full-time computer support people in the Physics Department: Shawn Gimbert and myself. I’ve been the department’s system administrator since July of 1995. Shawn is our first additional full-time employee, but in the past we’ve employed a number of graduate and undergraduate students to supplement the computer support staff. At times we’ve had as many as four support staff (myself plus three part-time students) and at times it’s been just me.

Since 1995, all of the computer support staff have kept track of the hours they’ve worked. This data has been used for billing purposes (grants are billed $18.50/hour for computer support services) and to get an idea of what types of support are most in demand, so we can make the best use of our limited resources.

During the fall of 1999, Rick Marshall and I began looking at long-term trends in the computer facility billing data collected between October 1995 and August 1999. The raw log data contains a total of 7221 accounted hours [6]. Taking this data, I sorted items into several categories, to see how much time computer staff spend doing various parts of their jobs. The results are shown in the table below, followed by a description of each category. The computer staff supports about 240 users, 210 desktop computers, 15 departmental servers and 19 research group servers.

Category                  %

Computer Labs            18
Web                      16
Productivity             14
Research Support         12
Servers                   8
Administrative            5
Office Support            4
Hackers/Viruses           3
E-Class                   3
Posters/Pictureboard      2
Network                   2
Home PCs                  2
Consultation              2
Backup/Restore            2
Dialin                    2
Laptop                    1
Demolab                   1
Other                     1


[6] 1599 of these hours come from the 6 months of March 1999 through August 1999.


Categories:

• Computer Labs
  The department currently has one general-purpose computer lab (room 315, 10 computers, restricted to physics users only), one computerized teaching lab (room 216, 6 computers), and one computerized combination lecture/lab room (room 22, 8 computers). The computers in these rooms are all PCs, with the exception of two Macs in room 315, which are ageing and will soon be retired. Counted in this category is all time spent setting up, upgrading and maintaining these labs.

• Web
  This category counts all time spent setting up, upgrading and maintaining web servers in our department, as well as time spent designing web sites. We maintain two departmental web servers (Www98 and Landau1) and assist in the maintenance of some research-group web servers.

• Productivity
  “Productivity” includes support for faculty desktop computers, mail client and mail server support and printing support. We support 44 faculty members (not counting research faculty and postdocs).

• Research Support
  This category includes support for research faculty, postdocs, graduate students and research group servers. We support about 98 research users and 19 research group servers.

• Servers
  Counted in this category is time spent setting up, upgrading and maintaining our departmental file and CPU servers. These include 3 NT file servers, 2 AIX computers (used primarily as CPU servers) and our departmental cluster, Galileo, which consists of 12 nodes running Linux.

• Administrative
  This category accounts for administrative tasks associated with computer support. These include paperwork, training, meetings, et cetera.

• Office Support
  This includes time spent supporting computers in the departmental offices (secretaries, accountants and the chairman’s office).

• Hackers/Viruses
  This includes time spent preventing breakins and virus infections, and cleaning up after successful intrusions.

• E-Class
  Beginning in the Spring semester of 1999, Lou Bloomfield and I developed a web-based interface for students in his How Things Work class. This interface, called E-Class, has its own dedicated computer, and serves over 400 students each semester. Through E-Class, students can submit homework and term papers. Graders grade the work online, and students can view grades, graders’ comments and homework solutions through their web browser. This category includes all the time spent developing and supporting E-Class.

• Posters/Pictureboard
  Over the last several years, the department has produced a number of posters advertising special events and recruiting students for undergraduate classes. Most of this work has been done by Clara Colby, who has also done extensive work in creating and maintaining the departmental picture board (both physical and web versions). Until recently, this work was billed through the computer facility, and so is included here.

• Network
  This category includes general work done supporting the department’s network infrastructure. It does not include work done as part of any of the other categories.

• Home PCs
  This category includes work done in support of home computers belonging to physics department faculty and staff.

• Consultation
  This includes general consultation not included in any of the other categories.

• Backup/Restore
  The department maintains a central backup server with a total tape capacity of 96 GB. Servers and many desktop computers are backed up by this server nightly. Included in this category is time spent developing and maintaining this server, as well as time spent restoring files from backup tapes.

• Dialin
  This includes time spent dealing with dialin issues.

• Laptop
  This category accounts for time spent supporting laptop computers.

• Demolab
  The department’s lecture demonstration facility, managed by Mike Timmins and John Malone, maintains several computers on carts and a web server. This category accounts for time spent supporting those computers.

• Other
  Items that don’t fit in other categories are accounted for here.


[Figure: “Time in Categories vs. Year”. Six panels, each plotting Hours/Month (0 to 400) against Year (95.5 to 100) for the Total and for: Computer Labs, Web, Productivity; Research Support, Servers, Administrative; Office Support, Hackers/Viruses, EClass; Posters/Pictureboard, Network, Home PCs; Consultation, Backup/Restore, Dialin; Laptop, Demolab.]

Note that this data does not account for our entire work day, because we don’t account for tasks that take less than 15 minutes to complete. This includes such things as short consultations, reading and answering e-mail, submitting purchase orders, et cetera. To get an idea of the fraction of time actually accounted for, I’ve taken a look at login records for myself during the month of August 1999. These records show a total of 233 hours spent at work during the month of August. The total accounted hours attributed to me during that month were 189, so only about 80 percent of my time was accounted for.


[Chart of expenditures by item: HW, Beeper, Contract, Materials, Paper, Tapes, Supplies, SW, Repair, Toner.]

Figure 17: Expenditures on state funds, FY 2000-01, as of the end of 2000.

Budget

Computer facility staff have control of three lines in the department’s budget: a computer support budget drawn from state funds, a DCI budget (also from state funds) and a budget drawn from local computer facility funds. The first of these is used for the bulk of computer support in the department. It includes hardware and software for our servers and network infrastructure, desktop support for our staff and teaching efforts, supplies for our public printers and backup systems, and repair and maintenance expenses. The DCI budget is used to keep track of DCI purchases (see the section above, on desktop computers). Money is paid out of this budget each time a DCI computer is purchased, and the budget is later reimbursed from the Dean’s office and whatever other source (grant money or departmental funds) is used to pay the remainder of the computer’s price. The sum of all expenditures on this budget must always be zero. Finally, the computer facility budget is drawn from local funds collected through billing for work done by the department’s Technical Services Facility (TSF). This includes work done by the shop, the electronics services offered by Harvey Sugerman, and the services provided by our computer support staff. This money is used for paying some of the salaries of TSF staff, and some of it is budgeted to the computer facility for the purchase of tools and equipment that make our jobs easier, but are not part of the department’s infrastructure.

The computer support (state funds) budget is the largest of the three, and the one that has the most visible effect on the operation of our department. Figure 17 shows the distribution of expenditures on this budget during this fiscal year, as of the end of 2000. The total amount spent is $8,086.50, out of an allocation of $13,000.00.

Items in budget proposal for computer support for FY 2000-2001

• Paper for Public Printers ($839.50)

• Toner Cartridges for Public Printers ($2,500.40)

• Contractual Services ($2,000.00)
  This item includes wages paid to Clara Colby for work done on departmental web pages (not individual, research group or class pages) or helping users with problems (e.g., scanning, printing).

• Backup Tapes ($1,920.00)
  As noted above, in the section on backups, we believe this cost will be significantly less in the future.

• Beepers ($166.80)

• Printer Maintenance ($1,213.50)

• Hardware ($4,561.76)
  This included money for the purchase of the two RAID arrays now attached to Galileo and Teleport.

• Software ($1,177.28)

• Stockroom ($400.00)

Items in budget proposal for local funds for FY 2000-2001

• Long Distance Charges ($100.00)

• Photocopying ($50.00)

• Software ($100.00)
  This includes software tools that make it easier for computer support staff to do their jobs, but not software that is part of the department’s infrastructure. For example, the “ERD” package, which is useful for repairing damaged WindowsNT computers, would be included in this category.

• Tools ($742.00)
  The largest expenditure here was the cost of a static-free work station, used when building or repairing computers.

• Training ($100.00)

• Hardware Contingency ($500.00)
  This is intended to take care of hardware failures that may occur in one of the computer support staff’s desktop computers.


Future Plans

We expect to see steadily increasing demand for storage space, network bandwidth and CPU power throughout the foreseeable future. Below, I’ll summarize some of our plans for meeting those demands.

• New mail server
  As noted above, the growing volume (and importance) of e-mail requires that we replace our current mail server with a faster computer with more memory. We’ve identified a desktop computer that can be retired from its current role and used as the new mail server. During the next few months, we hope to have the new server in place. Since our users rely so much on the mail server, we will configure the new server offline, so that only a brief outage is necessary to switch from the old server to the new. This will also eliminate the need to upgrade the operating system on the current mail server, which would require a lengthy shutdown.

• Additional backup array
  Even if we begin charging a fee for the backup services we provide to some research groups, we expect the volume of backups to continue growing at an alarming rate. To keep ahead of the demand, we’d like to deploy a third RAID array for caching backup data. Currently, one of the two arrays is shared between backup caching and Galileo’s home directories. The new array would free up more space for home directories on Galileo, and give us additional backup capacity. We believe an adequate array can be constructed for about $1,000.00, and we intend to include this as an item in next year’s budget proposal.

• Departmental color laser printer
  As noted above, we’d like to encourage users to use centralized printing resources, since this allows us to better manage the cost of printing. We’ve also had a steady demand for high-quality color printing for the last several years. A centrally-managed color laser printer can be purchased for about $4,500.00. This item will be included in next year’s budget proposal.

• Network wiring for first-year offices, and workstations for desktops
  Earlier this year, we purchased the supplies and hardware necessary to provide ethernet access to each of the desks in the first-year grad student office. We’ll be installing this equipment during the summer of 2001. This will allow students to bring in laptops, for example, and connect them to the network at their desks. We are also currently looking at the cost of providing some sort of desktop workstation on each of the first-year desks. We’ve obtained several suitable monitors from the Dean’s office, and, using these, we believe we can construct X-terminals for about $200.00 each. If it looks feasible, we’ll be including this as an item in the next budget proposal. We believe that such desktop workstations would be very beneficial for our students, and would also be an attractive feature to offer prospective students.

• Standardization and more central control of staff desktops
  During the next year we will continue developing a standard configuration for the desktop computers employed by our staff. We hope that the final product will also be useful for other members of our department who run Microsoft Windows on their desktop computers. Although Windows 2000 offers many advantages, we will probably not be able to deploy it for quite some time, since our staff must be capable of using the software associated with the Integrated Systems Project, which will not run under Windows 2000.

• Upgrade Linux computers to RedHat 7.x
  Our standard Linux configuration is currently based on RedHat version 6.2. Version 7.0 has been out for several months now, and we expect that the 7.x series will become stable enough for use in a production environment by the time version 7.2 is released. At this point, we will begin upgrading existing systems to a new standard, based on 7.2, and deploying this new standard configuration on any new Linux computers.

• E-Class development
  E-Class development will continue at least through the end of the TTI fellowship. By this time, we hope to have the software packed into an easy-to-install package that can be released as free software to anyone who wants to use it.

• Retire RS6000s
  Our department still has two living IBM RS6000 computers, Erwin and Landau4. These are little used now, and they will be retired soon. The names and functions of these machines will then be picked up by Galileo.

• Upgrade Galileo hardware
  Galileo’s hardware, the fastest available when it was purchased three years ago, is now slower than most cheap desktop computers. At today’s prices, for a few thousand dollars we could greatly increase Galileo’s total computing power, by adding new nodes or upgrading the hardware in the existing nodes. This upgrade will appear as an item in next year’s budget proposal.

• Decide whether to use Linux or Windows2000 on successors to present NT servers
  Our current NT servers are getting old, and have never been easy to manage. During the next year, we will decide whether to replace them with computers running Windows 2000 or Linux. Linux has many security and manageability options, and the servers could participate in the already-established update and backup system used by many other Linux computers in the department.

• Secure IMAP/POP connections
  We’ve recently been experimenting with techniques for encrypting the passwords sent from one computer to another when users check their mail with IMAP or POP clients. This would greatly improve security in our department. We hope to deploy a solution for this problem, beginning in the next few months.

• Implement fees for backup services provided to research groups
  This has been described above. If we go this route, we need to make sure researchers have sufficient advance warning to budget for the additional expense, or take alternative measures.


• Create new, for-fee computing cluster
  In addition to Galileo, we would like to create a powerful, for-fee computing cluster dedicated to research. We could create an expandable cluster, based on 1 GHz processors with 1 GB of memory each, connected via gigabit ethernet, for about $2,000 per node. The cost of the cluster would be recovered through billing for CPU cycles. We believe that such a cluster would be very beneficial to many of our researchers, and that it could be constructed and operated on a for-fee basis at little or no cost to the department. This will be an item in next year’s budget proposal.

• Deploy new print server
  In order to provide some new print services, we’ll be deploying a new print server during the next few months.
