The Travelling Scientist Problem


The Traveling Scientist Problem
Tobias Haas
DESY Computing Seminar
19 May 2003
This Talk
• Context
  – HEPCCC, HTASC and all that
• What is “The Traveling Scientist Problem”?
• HTASC survey/discussion
• HTASC/HEPCCC recommendations
• Some remarks
• Conclusions
Credits
• Manuel Delfino: “People-centric environments”
• Irwin Gaines: “Traveling Physicist Problem”
• HTASC members and in particular Jorge Gomes: User survey
HEPCCC/HTASC
• High Energy Physics Computing Coordination Committee (HEPCCC):
  – Brings together major HEP computing sites from the CERN member states at directors level. (Includes observers from US and Asia)
  – Reports to ECFA
  – Tasks:
    • Discuss organisation, co-ordination and optimisation of computing in terms both of money and personnel, e.g. common research proposals to the EU
    • Information exchange
  – http://tilde-djacobs.home.cern.ch/~Djacobs/Hepcccw3
HEPCCC Recent Agenda Items
• Computing for QCD calculations
• Computing for COMPASS
• Computing for BELLE
• Future computing needs for non-accelerator-based experiments
• The Lyon biology grid project
• Status and plans for the GridKA
• Status of US/CMS computing
• Status of the Tier-1 center in the UK
• European networking
• The “Traveling Physicist” problem
HTASC
• HEPCCC Technical Advisory Subcommittee
  – Advises HEPCCC on technical issues
  – Representatives from CERN member states
  – http://htasc.pi.infn.it/
Members:
• Austria: Gerhard Walzel
• Belgium: Rosette Vandenbroucke
• CERN: Jürgen Knobloch
• Czech Republic: Milos Lokajicek
• Scandinavia: Björn Nilsson
• France: Francois Etienne
• Germany: Rainer Mankel
• Greece: Emmanuel Floratos
• Hungary: Jozsef Kadlecsik
• Italy: Francesco Forti
• Netherlands: Els de Wolf
• Norway: Ola Borrebak
• Poland: Grzegorz Polok
• Portugal: Jorge Gomes
• Slovakia: Peter Chochula
• Spain: Nicanor Colino
• Switzerland: Christoph Grab
• UK: Allen Flavell
Observers:
• US: Irwin Gaines
• Japan: Setsuya Kawabata
Chairman:
• Tobias Haas
HTASC Recent Agenda Items
• Nordunet/Nordugrid,
• Computer and network security,
• W2K/WXP migration,
• Video conferencing,
• LCG application domain,
• PASTA III report,
• Babar computing,
• “Traveling Physicist Problem”
The Problem
• Despite the fact that technology facilitates user-to-user communication, people still travel.
  – This will not change
• When people travel, they expect to be able to access computing services, at various levels.
• The general perception: This is difficult!
• Why?
Why?
• Incompatible technical standards
  – e.g. Electrical plugs
  – e.g. Telephone plugs
  – e.g. wireless standards (French WLAN cards do not work in Switzerland)
• Incompatible policies
  – Competing/Incompatible authentication mechanisms,
  – Widely varying security standards.
• Lack of Coordination
[Figure: images labelled DEN, USA, GER, SWI]
A “Gedanken” Obstacle Course for Traveling Physicists…
Disclaimer
Even though names and places have been changed, the following has been taken from the real experiences of real people traveling to real places, trying to do real work!
Obstacle 1:
Just arrived at CERN for a meeting but unfortunately forgot what room it takes place in:
• Check the invitation in your email!
Handicap: You have no laptop!
Traveling without a laptop: logon to DESY
• This should be the simplest thing to ask… but
• How do you get access to a public workstation at CERN?
  – CERN has public access workstations in front of the User’s office…
  – … but you need a NICE2K login …
  – find that old friend of yours and use his office + computer …
• Most labs require ssh (CERN only recommends)
  – Everybody has ssh nowadays, right!?
• But… is it the right version and has it not been hacked?
  – Use DESY’s wonderful bastion web site
  – … bastion does not work on his Mac
Obstacle 2:
You are at SLAC and would like to send an email. (You did bring a laptop)
Handicap: You are using imap and a reasonable mail client (netscape, mozilla or outlook express!)
Traveling with a laptop: trying to send mail via mail.desy.de
• You have successfully connected your laptop to the local network
• You can read your mail
• Now you try to send a mail:
  – mail.desy.de stubbornly refuses to send mails
  – Local experts hint that this is probably a security feature!
  – … you might logon to DESY and use pine …
  – … unfortunately you have not used pine in years and have gotten used to the ease and comfort of a modern mail client
  – … you grudgingly decide to use pine
• A week later after you get home you realize that you have no record of the emails you sent.
Obstacle 3:
Just arrived at SLAC for a seminar and you realize that your talk which you prepared well in advance does not seem to be on your laptop even though you checked twice before leaving DESY.
Handicap: You are using Windows and you routinely store your documents on drive h: (which has backup!)
Traveling with a laptop: trying to access Windows file systems
• You have successfully connected your laptop to the local network
• Now try to access data on drive h:
  – Your laptop does not find the network drive
  – Local experts hint that this is probably a security feature, because Windows file protocols are blocked at the firewall almost everywhere!!!
  – … experts suggest that somebody at DESY should copy the file to AFS …
  – … unfortunately, almost everybody at DESY is asleep …
  – … but you remember that a friend of yours happens to be on night shift in the ZEUS control room – you call and ask him a favor.
• Unfortunately, much too late you realize that your AFS client is not working either!!!!
Obstacle 4:
You ordered a brand new shiny lightningly fast DSL connection to be able to prepare conference talks at home. Unfortunately after spending 2 weekends getting it to work you realize that everything you could do at DESY over your old sluggish ISDN connection does not seem to work any more.
Handicap: You are not an expert on firewalls, IP mimicry, PPPoIP, etc…
Working from home over DSL: trying to access DESY resources
• You have successfully configured your PC and your DSL line
• Now try to access DESY resources:
  – access files on AFS
  – send mail via mail.desy.de
  – browse internal DESY web pages
  – Print on DESY printers
• DESY experts tell you that you are trying to connect from a ‘hostile’ network and are therefore blocked at the firewall.
• You don’t understand why DSL is different from ISDN and decide to give up and use ISDN to connect to DESY
Obstacle 5:
As a ZEUS collaborator from the US you come for a collaboration week and you would like to print out the most recent version of a paper to read in the evening in your apartment.
Handicap: You arrive on Sunday evening and you have an editorial board on Monday morning.
Coming to DESY with a laptop: trying to print
• You have forgotten your DESY passwords
• Now try to print from your laptop which is connected to the DESY network:
  – You don’t know the name of the print server
  – … even if you did … since your new laptop is not registered at DESY, the printserver would not allow you to print
• You will not get it registered in time
• You go to the DESY guest house hoping that they may have installed a wireless network there.
• Unfortunately, you don’t know that you could have gone to the canteen/bistro
Many more obstacles
• Working from a hotel room,
• Dealing with different identities:
  – Member of different experiments, labs, working groups, etc…
• Remembering all those passwords,
• Hosting web pages or mailing lists
• …
Questions in this Context
• Access to IT resources
  – Mail, Webspace, printing, network, CPU cycles, storage, SW binaries/licences, document services, etc…
• Authentication
  – Identification, technology, signon, access
• Trust
Scope Definition
• HEP is not an organizational entity like a global corporation but a loosely bound conglomerate of individuals (and institutions?) with a common interest and without well defined borders and without a constitution
• HEP laboratories and HEP experiments are well defined entities with well defined borders and constitutions
• From the point of view of individuals, laboratories and experiments overlap!
• Can a HEP “virtual organization” be constructed?
HEP Virtual Organization?
• Questions:
  – What is the common denominator?
  – Who are the players? (Individuals, labs, countries, finance agencies?)
  – Who is going to provide the resources?
  – Technology?
  – Is it actually needed?
Simplify: The Traveling Physicist
• Term coined by Irwin Gaines
• Separate from GRID computing
• Everybody has a home institution
• IT resources available at home institutions are typically very good
• … access to the resources is often difficult …
• Collaboration/coordination between different HEP sites can improve the situation!
Starting point of HTASC Discussion
HTASC Discussion
LIP and the Traveling Physicist
Jorge Gomes
LIP - Computer Centre
XXIII HTASC Meeting – CERN March 2003
The user opinion
Remote access
– Users want access to resources from:
  • Universities and other institutes
  • Conferences
  • Home (through ADSL and Cable)
  • Hotels
  • Airports
– Using:
  • Their portables (everybody has one)
  • Local workstations and terminals
Arriving at a site with a portable
– User complaints:
  • Network configuration
    • Different site policies (such as portable registration).
    • Some sites still don’t have DHCP.
  • Physical network
    • Lack of network sockets for portables.
    • Wireless networking coverage is often bad.
    • Why doesn’t CERN have WLAN at the Foyer ???
  • Power
    • Sometimes the power plugs don’t fit in.
    • Most conference rooms lack power outlets.
Arriving at a site with a portable
– User complaints:
  • Mail usage
    • Home SMTP servers are closed because of SPAM.
    • Access to the home mail server can be difficult without web mail.
    • Obtaining the name of the local SMTP gateway can be a problem and requires reconfiguration of the mail agent.
  • Different print environments
    • In some sites special packages must be installed.
    • Installation of drivers in Windows, Linux and Mac.
Arriving at a site without a portable
– User complaints:
  • Workstations
    • Need of a local account to use an existing workstation (even public).
    • Different accounts at each site.
    • Lack of public workstations for guests.
    • SSH and SCP are not installed everywhere.
      • Affects login, file copy and X applications.
    • X servers not available in some public PCs
  • Network
    • Most sites don’t accept telnet
      • This is a problem with the old X terminals
Generally
– User complaints:
  • X being slow across sites.
    • SSH compression doesn’t work when privilege separation is enabled.
  • Access to the home directory without AFS is difficult.
  • Differences in the commands available at the several sites.
  • Problems with PowerPoint compatibility across sites.
  • Difficulties in transferring files, namely when using portables.
  • Access to systems behind firewalls.
  • Certificates and CAs not recognized everywhere (affects webmail).
Recommendations
– WEBMAIL is essential when travelling.
– Things that should be available at all institutes:
  • Wireless LAN
  • Power outlets
  • DHCP
  • SSH and SCP
  • PS printers available through LPD
  • Public workstations for guests
  • Web page with information for travellers on how to use the local resources
HTASC Discussion Results
• The Traveling Physicist is an everyday reality
• … but life of the traveling physicist is surprisingly hard …
• Everybody agrees on the problems but erects different individual stumbling blocks.
• Life could be made a lot easier if the key players (labs, institutes) provide a standard set of services AND documentation on how to use them
HTASC Recommendations
• Standard services to be provided for the “Traveling Physicist”:
  – Wireless LAN (e.g. guest houses/hostels)
  – VPN
  – Power outlets in seminar rooms
  – DHCP
  – SSH and SCP
  – WEBMAIL interface
  – Authenticated SMTP service
  – Access to print services for guests
  – Public workstations
  – Redundancy
  – Documentation in standard location on the WEB
Comments on WLAN
• Wonderful thing
• … but coverage varies …
  – CERN: very poor (e.g. only some conference rooms, no WLAN in cafeteria, hostel, etc…)
  – DESY: fair (all conference rooms, cafeteria, but not in the guest houses)
  – SLAC: excellent, almost everywhere
• There is a security concern: WLAN can be easily sniffed
Comments on VPN
• VPN = “Virtual Private Network”
• Establishes an encrypted channel between a machine on a ‘hostile’ network and the DESY intranet
• … as if at DESY …
• Very sensitive to network instabilities (machine hangs!)
• Some sites concerned about security
• One more PW
Comments on DHCP
• DHCP = ‘Dynamic Host Configuration Protocol’
• No fiddling with IP numbers
• Network interface needs to be registered to get on the INTRANET
• Multiple interfaces on one machine sometimes pose a problem
• Interesting effects in combination with wireless (same address allocated more than once)
Comments on SSH and SCP
• Use of ssh should be without question…
• … client situation on Windows is less than optimal (e.g. no built-in client in XP)
• … but not everybody requires it (e.g. CERN still only recommends). Hence, not every machine has clients.
• … even ssh is not foolproof.
WEBMAIL
Conclusions
• The traveling scientist is an everyday reality,
• The general level of support is still only in its infancy,
• This causes a great level of inefficiency and frustration,
• In most cases the causes of inefficiency and frustration are organizational rather than technical. This requires organizational solutions, i.e. coordination
• A modest first step has been made by HTASC/HEPCCC in this direction.
• Let’s see what comes of it…