HTASC Report to HEPCCC David Kelsey RAL d

HTASC - Report to HEP-CCC David Kelsey, RAL d. p. kelsey@ rl. ac. uk 9 April 1999 (http: //home. cern. ch/~eauge/htasc/public/) 9 -Apr-99 D. P. Kelsey, HTASC report 1

HTASC #11 4 th/5 th March 1999, CERN Agenda • Routine business – including ‘Roundtable’ update • • Report from HEPNT group Report from Security group Y 2 k problem Software licensing 9 -Apr-99 D. P. Kelsey, HTASC report 2

HTASC Membership • Two new members – Ola Borrebaek (Norway) – Nicanor Colino (Spain) • Still no participation from Austria, Finland, Greece, Portugal and Sweden • HTASC #11 – 15 members in attendance 9 -Apr-99 D. P. Kelsey, HTASC report 3

Roundtable update • Essentially unanimous agreement • • – European network (TEN-155) is good – poor/unusable access to USA Some concern (privacy implications) about CERN’s monitoring of network traffic Network charging (CH by volume, HU by bandwidth, UK/transatlantic by volume) Increasing activity in Video Conferencing Linux growing fast – worries about support and user-managed systems 9 -Apr-99 D. P. Kelsey, HTASC report 4

HEPNT Open Meeting: 2 -4 Dec 98 (CERN) – http: //hepntdays. web. cern. ch/hepntdays/home. htm • successful first meeting – 67 participants from 11 countries (incl. USA and Canada) • important themes – – – 9 -Apr-99 Installation, configuration and management Windows 2000 (NT V 5) Security UNIX/NT integration File serving/sharing HEP applications on NT D. P. Kelsey, HTASC report 5

HEPNT (2) 28/29 Jan 99: closed meeting (CERN) • WAN file sharing – – INFN proposal for WAN NT domain Identified need for tests of RAS/PPTP over Internet AFS/NT is the interim solution WWW is likely to be the future • Windows 2000 (NT 5) – several test domains exist – more are coming (e. g. a CERN WG) – useful to collaborate on migration to Windows 2000 • Aim to complete web pages by June 99 9 -Apr-99 D. P. Kelsey, HTASC report 6

HEPNT (3) • Future plans – HEPi. X (14 -16 April 99 at RAL) • includes various NT talks – 20/21 May 99 closed HEPNT (DESY-Zeuthen) • finalise web pages • review mandate (report back to HTASC/HEPCCC) • plans for Windows 2000 – joint HEPi. X/HEPNT meeting (USA, Autumn 99) • 2 nd Open HEPNT meeting (1 st in USA) – Windows 2000 migration group? 9 -Apr-99 D. P. Kelsey, HTASC report 7

Security Group • New group, created at last HEP-CCC • See next 7 slides from Tobias Haas (chairman) • report delayed until June 99 HTASC meeting 9 -Apr-99 D. P. Kelsey, HTASC report 8

Mandate Draft Mandate of HTASC Computer/Network Security Subgroup ======================== Advise HTASC/HEPCCC on Computer and Network Security needs and to suggest policies to meet those needs for HEP laboratories and institutes by • defining computer/network security guidelines for HEP institutions, • estimating the resources needed to implement such guidelines, • suggesting means of communication between the institutions in case of security incidents. 4 -Mar-99 HTASC security, Tobias Haas 9

Membership(updated) • A. Flavell (UK) • • J. Gamble (CERN) T. Haas (Germany/Chair) J. Kadlecsik (Hungary) W. Niepraschk (Germany/DESY) to be confirmed. . . • R. Cowles (SLAC)? • B. Perrot (LAL, Orsay)? • E. Wassenar (NIKHEF)? 4 -Mar-99 HTASC security, Tobias Haas 10

Schedule • Report to March HEPCCC. • Delayed by Chairman’s fault. • Plan now: – get going during this meeting – circulate draft recommendation soon after – finalize asap. 4 -Mar-99 HTASC security, Tobias Haas 11

Basic Ideas • • General Awareness Scope of Security Summarize activities in various labs/universities Extract common trends/recommendations 4 -Mar-99 HTASC security, Tobias Haas 12

Organizational Issues • Management Support – responsibilities • coordination team • expert team – policy – personnel issues • National Specialties • National/International Support 4 -Mar-99 HTASC security, Tobias Haas 13

Technical Issues • • Firewalls Monitoring Different Operating Systems Examples for general good practice – passwords – file protections • Hot Topics 4 -Mar-99 HTASC security, Tobias Haas 14

Emergency Procedures • WWW – When? – Who? – What? 4 -Mar-99 HTASC security, Tobias Haas 15

Y 2 k problem • brief discussion at HTASC #10 and last HEPCCC • Lab infrastructure is assumed to be under control - if not, already too late! • HTASC is concerned with the experimental collaborations • Wolfgang Tejessey (Y 2 k coordinator for CERN/EP) told us about CERN’s Y 2 k work • See Wolfgang’s slides (below) 9 -Apr-99 D. P. Kelsey, HTASC report 16

Y 2 k problem(2) • HTASC was impressed by the work under way at CERN • There seems to be nothing similar at DESY – HERA will run over the 1999/2000 rollover! • Many experiments have done a lot of work • But… no room for complacency • Should continue to raise awareness (aim for 100%) – particularly at DESY? • Requiring documentation (e. g. web) makes collaborations consider the problem 9 -Apr-99 D. P. Kelsey, HTASC report 17

Y 2 k problem(3) HTASC recommends… HEP-CCC should continue to remind HEP experiments: • It is their duty to analyse and fix Y 2 k problems. • They should document their strategy and decisions. Highest priority to be given to matters of ‘safety’ and mission-critical items. • should include detailed 99/00 roll-over plans (shutdown, startup, availability of experts etc. ) • Contingency plans should be made for mission-critical items 9 -Apr-99 D. P. Kelsey, HTASC report 18

Software licensing HTASC discussion. . . • HEP has decided to use more commercial software. • Computer hardware is getting cheaper. • BUT, commercial software costs are high! • Many, particularly poorer institutes, find that the costs are too large, both for initial licenses and ongoing maintenance, when not centrally funded • It used to be relatively easy to buy expensive hardware, but it is much more difficult to obtain funding for software! 9 -Apr-99 D. P. Kelsey, HTASC report 19

Software licensing (2) Some examples (figures are only illustrative!): • NIKHEF PC’s recently installed at FNAL (D 0) – 3 K NLG/PC (2 K CHF/PC) for software package – includes 500 CHF for the KAI compiler • Objectivity – $150 k for 100 licenses (10% development) – $2. 5 k/user for a full development license (or 10 KDM) • LSF (batch) – recently become more expensive – $150/cpu (or 600 DM/cpu) – clients cost ~20% of server license 9 -Apr-99 D. P. Kelsey, HTASC report 20

Software licensing (3) Consequences of these high costs. . . • Objectivity – DESY (Hera) would like to use LHC++/Objectivity – investigating use of ROOT and JAS instead • Batch systems – CERN (and other places) have chosen LSF to replace NQS – but high cost has resulted in Italy using Condor and IN 2 P 3 developing something on top of NQS • This causes problems for University groups having to support different experiments using different s/w • The (hidden) costs of supporting multiple packages should be included in any cost/benefit analysis 9 -Apr-99 D. P. Kelsey, HTASC report 21

Software licensing (4) • Discussion on GEANT 4 – Institutes & experiments have signed MOU (Jan 99) – Those not signing will receive worse support and lower priority for the development of specific needs – Some in HTASC were not happy about this – There was also a worry that GEANT 4 may require some components of LHC++, which may not be available • To summarise (last three slides) – there is a great danger of splitting the community • e. g. LHC++ for CERN experiments, but not for others – there is room for coordination 9 -Apr-99 D. P. Kelsey, HTASC report 22

Software licensing (5) HTASC recommends. . . • HEP should strive to find the funds for chosen commercial software. A split between physicists having and not having access to the software must be avoided. • All efforts should be made to make these standard packages affordable to everyone, including small institutes (HEP-wide deals, central funding etc. ). • The use of non-standard commercial software in HEPdeveloped packages should be discouraged. 9 -Apr-99 D. P. Kelsey, HTASC report 23

Future HTASC meetings • 10/11 June, 1999 (NIKHEF) – Report from the Security group – Video conferencing • 7/8 October, 1999 (CERN) – experience of ‘OO’ technology (e. g. Bar) and requirements for training – Networking issues, e. g. differentiated services 9 -Apr-99 D. P. Kelsey, HTASC report 24

Summary • HTASC invites HEP-CCC to take note of recommendations – on Y 2 K – on Software licensing 9 -Apr-99 D. P. Kelsey, HTASC report 25