Up: AiC Report to NOT
Jacob Clasen & Markku Verkkomieni report:
The interrim plan for the computer system before the new system
administrator arrived was to provide a consistent user home directory
environment combined with new deployment of the mail and WWW services,
all in a network secured by firewalls. All in that order.
A hacker incident in March forced a revision of this plan. The new
philosophy became that without a secure network, the implementation of the
oter items would possibly be impaired by future attacks. Therefore, the
construction of a firewall protection was given highest priority.
With the arrival of the new system administrator, the interrim plan was
enhanced and elaborated. The current plan is roughly divided into the
following 5 phases:
- Phase 1
- Network infrastructure & Security.
- To establish a protected network.
Two firewalls to protect the SLO network and the
Two Virtual Private Network (VPN) machines to establish
a tunnel between the ORM and the SLO networks so that private services
can be provided in a secure manner across the Internet (i.e. the
network link from ORM to the SLO).
- Phase 2
- Home directories and data storage.
- To provide homedirectories and instrument data
storage with data loss protection.
On the ORM: one RAID 1+0 storage system that provides home
directories and instrument data storage via NFS.
At the SLO: one RAID 5 storage system that provides home
directories via NFS.
These two systems will be syncronized in order to contain
the same home directory content.
- Phase 3
- Data recording.
- To provide a CD-ROM storage system for high data volumes.
- At the ORM, a CD-ROM jukebox of 240 CD-ROM's
controlled by a suitable host computer will be provided for CD-ROM
- Phase 4
- Computing services.
- To provice new and enhance exsisting services.
Migration of the web server to a different computer.
Implementation/enhancement of the following services:
mail, DNS, FTP, printing, IMAP, DHCP, NTP, NIS, NFS, logging
- Phase 5
- To finalize implementation of the plan in a way that
a normal day-to-day maintanaince state of the system is obtained.
At the time of writing, phase 1 is completed and phase 2 is ready to be
implemented. The main components for phase 3 has been identified and
purchase have been approved.
Up: AiC Report to NOT
Tim Abbott, AiC