Download presentation
Presentation is loading. Please wait.
Published byEmil Heath Modified over 9 years ago
1
Paul Scherrer Institut 5232 Villigen PSI HEPIX_AMST / / BJ95 PAUL SCHERRER INSTITUT THE PAUL SCHERRER INSTITUTE Swiss Light Source (SLS) Particle accelerator SINQ spallation neutron source Solar concentrator Laboratories and Administration Buildings
2
Paul Scherrer Institut 5232 Villigen PSI HEPIX_AMST / / BJ95 PAUL SCHERRER INSTITUT PSI Site Report The PSI IT department (35 Employees) provides the following central Services: –Network Service (Switched 1Gb Backbone, 1Gb to the Buildings, 100Mb to the Office/Lab, WLAN & VPN) –Database Service –User support –On Site Service Center (HW & SW troubleshooting) –CPU/batch Server –File Server (AFS & Windows) –Print Server (Cups & Windows) –Mail Server (Exchange 5.5, OWA) + Trend Micro Viruswall –WEB Server –Backup & Archive Service
3
Paul Scherrer Institut 5232 Villigen PSI HEPIX_AMST / / BJ95 PAUL SCHERRER INSTITUT Windows @ PSI 1600 User Account File, Print & Terminal server –Service Windows is mainly used on Office and Engineering Desktop Domains: –Old NT4 Domain (Clients < Win2000/XP) –New Windows 2000 Domain with Active Directory since 1. December 2002
4
Paul Scherrer Institut 5232 Villigen PSI HEPIX_AMST / / BJ95 PAUL SCHERRER INSTITUT Windows Domain Migration Preparation of Domain Migration started August 2002 (Windows Team 4 People) Migration of all 1600 Accounts happened at one Weekend, 1.December 2002 Most important for successful Migration: –Heavily testing –Migration Checklist –ADMT Vers. 2.0 –SID History field –Profile Migration: PSI VB Program
5
Paul Scherrer Institut 5232 Villigen PSI HEPIX_AMST / / BJ95 PAUL SCHERRER INSTITUT Windows OS Installation and Appl. Software Distribution we provide a central Purchasing, Installation and Configuration Services for all Desktop PC’s McAfee Antivirus SW Installation is a must for all Windows PC’s connected to the Windows Domain Standard OS and Application reinstallation can be done by local Supporter with a installation diskette over the network SW Distribution for additional SW via OnDemands® WinInstall Availability of a wide range of Application SW leads to high number of standardized installation
6
Paul Scherrer Institut 5232 Villigen PSI HEPIX_AMST / / BJ95 PAUL SCHERRER INSTITUT Windows-Linux/Unix Integration Access to Windows/Office Application via TS, no dual boot or vmware supported, but possible AFS Access on Windows PC via AFS Client or AFS/SMB Gateway Windows Data Access Linux PC via NT mount (PSI script)
7
Paul Scherrer Institut 5232 Villigen PSI HEPIX_AMST / / BJ95 PAUL SCHERRER INSTITUT Linux Based Services ● PSI Linux Installation (Redhat, currently 7.3, modified Kickstart) ● AFS Service ● Archive System ● Vmware GSX Server ● Firewalls, IDS ● News/FTP/Print/Web Servers ● Linux Farm (56 nodes, Myrinet) ● Database Service (Oracle) ● Service/Network Monitoring (Nagios, Nedi)
8
Paul Scherrer Institut 5232 Villigen PSI HEPIX_AMST / / BJ95 PAUL SCHERRER INSTITUT AFS Service ● Installation since 1999 ● 2 Database Servers + 4 File Servers ● All Servers based on Linux + OpenAFS ● 1.2 TB Storage for 750 Users ● Backup: Scripts + Disk Cache (2.6 TB) + Legato Networker ● AFS/SMB Gateway with smbklog ● Plans: Provide AFS Storage of different Quality (Backup, Raid, IDE,...)
9
Paul Scherrer Institut 5232 Villigen PSI HEPIX_AMST / / BJ95 PAUL SCHERRER INSTITUT Archive System ● Based on Legato DiskXtender (Unitree) ● Installations: ● Old: Sun with 13 TB on DLT3/4 (readonly) ● New: Linux with 9 TB on LTO1 ● Access through FTP and NFS ● 2 x IBM 3584 Tape Library, ~ 60 TB Capacity ● Problems with small Files (85% of Files < 100 KB) solved by using Disk based „Virtual“ Tapes ● Data Migration from Sun to Linux within next Year
10
Paul Scherrer Institut 5232 Villigen PSI HEPIX_AMST / / BJ95 PAUL SCHERRER INSTITUT Vmware GSX Server ● Linux, Dual CPU, 4 GB Ram ● Advantages: ● Hardware Consolidation ● Fast Installation/Backup of Virtual Machines ● Used for: ● Windows Test Domains (W2k + 2003) ● Linux Reference Installations ● Firewall Rulset Tester ● Failover for Servers (CUPS) ● Small dedicated Servers
11
Paul Scherrer Institut 5232 Villigen PSI HEPIX_AMST / / BJ95 PAUL SCHERRER INSTITUT Security @ PSI ● Firewalls: ● 100 Mbit Internet Connection ● Based on Linux with 2.4 Kernel, installed in early 2002 ● Not a single failure ● Firewall Policy: ● Close everything - open required ports (= most hosts only SSH) ● P2P is explicitely not allowed ● Secure Communication (SSH, IMAPS, VPN) ● Intrusion Detection: ● Internet connection monitored with Tcpdump, Snort, Port Scan Detector ● FreeVeracity on all public Servers ● Work in Progress: ● IDS System/Firewalls for Gigabit Network ● Find Replacement for FreeVeracity
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.