Download Dark Matter and Dark Energy - Hitoshi Murayama Home Page

Computer Committee Report
Hitoshi Murayama
Faculty Meeting
May 16, 2003
1
External Review Committee
“the dysfunctional computer system”
“non-existent computer support”
“Computer support … seems to be in an
appalling state”
Quick Time™a nd a TIFF ( Uncomp res sed) deco mpre ssor are n eede d to s ee this picture .
Quick Time™a nd a TIFF ( Uncomp res sed) deco mpre ssor are n eede d to s ee this picture .Q ui ck
Ti m e ™ an d a T I FF ( U nc om p r es se d) de co m pr e ss or ar e n ee de d t o se e t hi s p i ct u re . QuickTime™ and a TIFF (Uncompressed) decompressor are needed to see this picture.
Q ui ck Ti m e ™ an d a T I FF ( U nc om p r es se d) de co m pr e ss or ar e n ee de d t o se e t hi s p i ct u
Q ui ck Ti m e ™ an d a T I FF ( U nc om p r es se d) de co m pr e ss or ar e n ee de d t o se e t hi s p i ct u
2
What are the problems?
• Poor Computer Network
• (Lack of) Security
• (Lack of) Computer Support
3
Network Upgrade
4
Poor Computer Network
• Network goes down once every few months
(once in April, once in May already)
• Problem sometimes last for a few days
• pushes some colleagues elsewhere
– LBNL, SSL, other Departments
– Some chose to call into LBNL
• Bandwidth saturated
• Architecture from late 80’s
5
Shared 10Mb/s Network
• Co-ax backbone, machines attached through hubs
• Hubs are “dumb” network device
• Party where everybody is shouting names at loud
and open
• Causes “packet collisions,” a “sniffer” can steal
passwords
• Users not allowed to install hubs, switches, routers
for in-room network
6
Fully Switched 100Mb/s Network
• Fiber-optic backbone, machines attached through
switches
• Switches are smarter network device
• Party where everybody talks over cell phone with
head set
• No “packet collisions,” a “sniffer” cannot steal
passwords
• Users allowed to install hubs, switches, routers for
in-room network
7
Fully Switched 100Mb/s Network
• Faster
• Only one port needed per room
– Saves network node charges (now ~$13K/yr)
– Free up to 521 nodes, cf 645 (4/29)
• Use switches (~$100) to install multiple computers
– No longer months’ wait for new Ethernet lines
– Just request new IP address by email
• Use routers with firewall
– Secure in-room network
• Can block bad machines based on the MAC address,
identify the location quickly
8
Physics is Behind
• Astronomy, Statistics, Economics, Math
(60%), MCB (Barker Hall), College of
Chemistry (most), EECS, CED, Haas, Law
School (Boalt)
• Dorms
• Sproul, California, University Halls this
year including the Riser Project
9
The Riser Project
• The Riser Project (infrastructure):
–
–
–
–
full-duplex vertical fiber-optic cabling
isolated, ventilated, clean electronics closet
cable trays above the ceiling
access hatches in the ceiling
• Makes job easier for CNS
– Gets job done quicker
• CNS wants to fund the riser project starting this
summer (pending approval)
• Does not include horizontal cabling
10
Costs
• The Riser Project:
– Old LeConte
– Birge
– New LeConte
$250K funded by campus
>$150K
<$525K
• Horizontal Cabling
– Old LeConte
$96K part of $12–14M
– Birge + New LeConte ~$200K
• Need 7’10’ closets
– 180 LeConte, 338 LeConte adequate
– Need new closets on 4th, ground floors
11
Politics
• CNS decides on priorities
– With Networking Advisory Committee
– Commitment to horizontal cabling needed to make the
case strong
– Opportunity to show the unity of the Department vs
“balkanized,” “disengaged” (Mark Richards)
• CNS proposes a list of buildings to Vice
Chancellors
– We need to get CNS argue for us
• Department should make a case for the Riser
Project to Vice Chancellors
12
Proposal
• How do we fund the horizontal cabling (~$200K)?
• Plan A
– Get more funds from the campus (Burnside?)
• Plan B
– A part of $12–14M can be used
• Plan C
– Ask for matching funds from Dean and Burnside
– $200K/two-way matching = $2K/faculty
• We propose faculty to vote on this commitment
13
Wireless
• Bring AirBears access points to Physics
• Submitted proposal to campuswide competition
for HP-donated access points
–
–
–
–
Student Reading Room and SPS Office (251, 275 LC)
Physics 111 Lab (282, 286 LC)
8AB Course Center (B5, B10 Hearst Field Annex)
7ABC Course Center (A20, A25 Hearst Field Annex)
• Fully switched network also allows user-installed
wireless access points
14
Computer Security
15
Problems
• IP addresses “stolen”
– Machines with a stolen IP address make the legitimate
ones unusable
– Several machines with unregistered IP address
– Security breaches reported about once/week
– Ghost machines pop up and disappear
– “sniffers” steal more info on a shared network
– No adequate record of machines, physical location, IP
addresses, owners in Physics
• Fully switched network will greatly help
16
Proposal
• Department Survey
– Build adequate database of IP address, hardware,
operating system, MAC address, owner, and physical
location
– Need your serious effort
• Buy proactive support from L&S
–
–
–
–
Keep watch on network activity
Educate Department on security issues
Help coordination, future planning of computing
5 hours/week = $17K/year (overhead return?)
17
Computing Support
18
Problem
• There is no computing support. Period.
• Established large research groups appear OK except for
security issues
• Hard for newcomers, junior members
• Different needs in different research groups.
• No unified model for everybody
• Support for individual PCs ~$1500/year
• Need to centralize to reduce cost
• Yet amorphous, flexible, can grow incrementally, secure,
both mundane and technical computing, regular backup
19
PANIC
• Physics Astronomy Network of Intel Computers
• Intel donated Dell machines as a part of the
Millennium Project
• Runs Redhat Linux, used by unaffiliated grads
• Account ($240/yr) offers:
–
–
–
–
–
–
100MB with nightly backup
Run Mathematica, Matlab, IDL
Home page
Secure connection
Free printing
L&S has been paying the administrator
20
Proposal
• Add dataless clients in offices/labs
–
–
–
–
–
•
•
•
•
Buy a PC from the provided list
Administrator comes in and sets it up
Maintained with monthly security patches
500MB nightly backup
$175/yr
Department pays $6K for server upgrade
Request L&S to continue supporting the admin
Give the admin an office in Physics
User Group reviews the cost model every year
21
What about PCs?
• No unified model to centralize support individual
PCs with different hardware configurations
• Possibilities:
– L&S support $52/hour
– UCBackup $10/month up to 1GB
– PANIC admin can double up as security and network
advisor
– Additional proactive support from L&S can provide
more help
22
Summary
23
Item
Riser
Who pays
Campus
Campus
Campus
Department
horizontal cables Campus
L&S
Department
Security survey Department
Security support Department
PANIC server
Department
PANIC admin
L&S
Department
Cost
$250K (Old LC)
>$150K (Birge)
<$525K (New LC)
space for closets in Birge
$96K (out of $12M)
$100K
$2K/faculty
$0, time
$17K/yr (overhead return?)
$6K
Half-time (status quo)
an office
Brown: done deal
24