HEPiX-HEPNT 2000 Report Enrico M.V. Fasanelli & Gian Piero Siroli.

HEPiX-HEPNT 2000Report

Enrico M.V. Fasanelli &

Gian Piero Siroli

Enrico M.V. Fasanelli & Gian Piero Siroli Commissione Calcolo - Roma 14 Novembre 2000

Report

We Apologies to the Audience…• Written (you may read: “cutted-and-pasted”) in

English directly from the HEPiX-HEPNT 2000 talks (without the permission of authors)

• Long and annoying– But there is two full days ( two lunch, four coffee

breaks, and two dinners) with 21 official talks

• Incomplete


Report

Outline of Workshop Summary• Approach to Windows 2000• Windows 2000 deployment• Application deployment/support• Security / Authentication issues• Web services• Other utilities

– Windows Terminal Server

– Exchange

• HEP applications (triggered by GPS)


Report

Approach to Windows 2000• The common approach: Form a committee…

– New w2k domain for DESY.• integrated to the existing NT one (migration by evolution

from NT to W2000).

– CERN is following the MS recommendations for the NT4 to W2000 migration.

• a lot of problems in migrating out of Novell NetWare

• MacOS too is a problem (policy problems).

• Production date of W2000/NICE2000 is delayed…

– RAL (CLRC) has W2000 only on some laptops and servers and move cautiously towards Active Directory.

• The existing NT4 domain is crucial to lab

• They are now inside the clrc.ac.uk domain with Daresbury Lab


Report

Approach to Windows 2000– FermiLAB: from 30 NT domain to a single W2000 one.

• with multiple organizational units.

• Investigate possible NT4 to Active Directory migration tools.

– LAL / CNRS is migrating the NT4 domain to W2000.

• Initially in mixed mode (VMS PathWorks constraints).

• Keep the DNS primary server on UNIX.

• No plan for a wide upgrade, but new PC in W2000 by default.

– CEA/DAPNIA/SEI are implementing a pure W2000 domain.

• Try to use the max. of W2000 functionalities.

• Products are assigned or published with Group Policy.

• Startup scripts for computers and users.

– SLAC is heavily based on NT4 WTS.

• Testing & implementation of W2000 native Terminal Services and Application Deployment Services is planned.


Report

Windows 2000 Deployment• RIS limitations

– RIS is not able to install Server version of W2000.– Concurrent Remote Installations can overload the

server.• Unicast based actions slow down the process of multiple

installations.

– Unable to control disk partitioning during the installation process.

– Retrofitting drivers in the image is very complex.

• PowerQuest Drive Image Pro– Faster than RIS for single and multiple installation

• RIS 1m21min, 4m48min; DI 1m12min, 4m14min.

– Meaningless auto generated computer names


Report

Application deployment/support• Beyond MSI

– Group policies may work in a small scale environment. For large sites the extra features of SMS (v2.0 +SP) seem to make it the most attractive. For medium sites third party solutions such as Delta Deploy have more functionality than GP with less complexity than SMS

• MSI is NOT an application manager.– Focus was installation process, not software

management– Targeting in a pure Win2000 environment with Active

Directory and GPO• High complexity

– No targeting for Windows NT 4.0 and Windows 9x


Report

Security & Authentication Issues• Compatibility issues in mixed environments.

– If you are in mixed environment, the least you should do is get rid of LanMan Hash until Microsoft solves Win2K with NTLM v2 problem.

• Common password service– JeffessonLAB: jpasswd

– Kerberos 5 support ?


Report

Web Services• Namespace, ISP like Web services• Web is more than HTML !

– File services

– XML – the basis for distributed services –

• SOAP


Report

Other Utilities• Windows Terminal Server

– At SLAC is used heavly• Clients on Terminals Windows CE based (WYSE)• Users are happy• Is not clear if the version embedded in W2000 is able to speak

to Citrix clients

• Exchange– PROS

• Encrypted passwords, Secure web access, Database for messages

• In addition it had calendar and virus scanning add-on

– CONS• Eudora does not support SSL (and Exchange does not support

Kerberos)


Report

HEP Applications• Discussion triggered by Gianni.

– The approach for the SW development is very different from W & U environments.

– The GRID MiddleWare can be the response?

– Applications can be written in a architecure independent way?

– But there are aready some physics applications (ROOT for example) that is Win ready.


Report

References

http://www.jlab.org/hepix-hepnt/agenda.html

HEPiX-HEPNT 2000 Report Enrico M.V. Fasanelli & Gian Piero Siroli.

Documents

Transcript of HEPiX-HEPNT 2000 Report Enrico M.V. Fasanelli & Gian Piero Siroli.