HEP-CCC on Friday, 12 November 1999, at CERN CCC/CERN/99/06

DRAFT CCC/CERN/99/06

HEP - CCC

Minutes of the Meeting held on Friday 12 November 1999 at CERN

PRESENT: M. Aguilar-Benitez, G. Barreiro, W. deBoer, M. Delfino, J. LeFoll, H.F. Hoffmann (part time), W. Hoogland, D. Jacobs (secretary), P. Jeffreys, D. Kelsey, J. May, D. Linglin, S. Lloyd, L. Price, F. Ruggieri (chairman), H. von der Schmitt (part time), E. Valente, P. Villemoes

EXCUSED: K. Peach

INVITED: H. Albrecht, M. Ernst, M.L. Ferrer, F. Gagliardi (for item 10), T. Haas (for item 4), G. Metakides (for item 10), T. Van der Pyl (for item 10), D. Williams (for item 10)

1. Chairman's Remarks and Adoption of the Agenda

A. Chairman's Remarks

Ruggieri passed on apologies from Ken Peach. He noted that Hans von der Schmitt would be late and Michael Ernst would be substituting for him until he arrived. Hans Hoffmann was tied up by the Finance Committee and could only attend later.

He observed that the discussion with G. Metakides et al. would provide an opportunity to start thinking about EU collaboration in the projects that are probably necessary for LHC computing.

B. Adoption of the Agenda (CCC/CERN/99/05)

The agenda was adopted as published.

C. Next Meeting

See item 13.

2. The Minutes of the last meeting (CCC/CERN/99/04)

A. Adoption of the Minutes

Item 3, Videoconferencing, Recommendation 4 (p12): This should read "In view of the fact that videoconferencing standards are still evolving, HEP should continue its activities in this area."

Item 6, last para (p19): Babar is now successfully distributing its data for processing.

Item 7, para 3 (p20): This should have referred to the Cray at CERN.

With these changes, the minutes of the last meeting (CCC/CERN/99/04) were approved.

B. Matters Arising from the Minutes

It was confirmed that members agree with the HEP-CCC recommendation on standardisation of computing platforms (p21). There was a short discussion on the action that should now follow.

M. Delfino said that the recommendation had already been shown to the FOCUS committee and had resulted in several agenda items. He was hoping for some feedback from HEP-CCC members acting as representatives of their national communities. He warned that the per capita cost of managing legacy systems was becoming very large. With LEP coming to an end, there would be movements of people and money, and it would be good to have a plan for rationalisation in place.

S. Lloyd reported that the recommendation had been distributed in the UK, the only negative comment being from the LEP community.

It was agreed that the statement should be made available in the HEP-CCC Web pages (action DJ).

M. Delfino expressed the view that one should not push the publicity too hard, since this would simply encourage resistance. IT Division at CERN was instead concentrating on making its Linux service as good as possible and letting market forces work in favour of PCs.

M. Ernst said that DESY was also moving to PCs. He welcomed the CERN effort but noted that the community is not homogeneous and some parts, especially amongst the accelerator builders, are still suspicious of PCs. The recommendation is, however, already being distributed at DESY.

M. Delfino proposed that national laboratories should specifically raise the issue in their experiment committees.

C. List of Outstanding Actions

The action list was reviewed as follows:

Networking Items

37.2/96. Update on status of the TEN-155 project. On the agenda this time (item 9). Status: ongoing, kept on future agenda list.

Other Items

53.7/97. Mark-up Languages. Confirmed will be looked at in 2000. Status: ongoing.

60.6/98. Strategic topics for HEP-CCC. On the agenda this time (item 11) but skipped in the end due to lack of time. Status: ongoing.

61.11/98. Y2K plans. The actions listed have been more or less carried out and this item is considered closed. Status: closed.

63.4/99. HEP-CCC recommendation on future platforms for HEP. This phase is considered as settled but a review of the situation will be scheduled at a meeting in 2000 (added to the future items list). Status: closed.

64.6/99. HTASC recommendations on videoconferencing. Addressed in the HTASC report (item 3) this time. Status: closed.

D. Proposals for Future Agenda Items

1.2/95. Network Security. Report from HTASC at this meeting (item 4). Ongoing.

3.2/95. Reports from Experiments. HERA-B and KLOE at this meeting (items 6 and 7). Ongoing.

4.2/95. North American Issues. Ongoing.

10.6/95. Annual progress reports from the LHC experiments. Ongoing.

11.6/95. Monitor the international networking situation. Ask for a report from the ICFA Standing Committee on Inter-regional Connectivity at the 3/2000 meeting. Ongoing.

12.10/95. Reports from the HTASC. Ongoing.

15.2/96. Update on status of the TEN-155 project. Ongoing.

24.11/96. Annual reports from FOCUS. On the agenda of this meeting (item 5). Ongoing.

31.7/97. Regional Centres. Should be looked at again at one of the later meetings in 2000. Ongoing.

35.11/98. CERN situation regarding Operating Systems (esp. Linux vs. WNT) for PCs and the Various Commercial UNIX Products: a) in Farms and b) on the Desktop. This was covered at the last meeting and contributed to the HEP-CCC recommendation on platforms. Closed.

36.4/99. Collaborative engineering possibilities, both for mechanical and electronics work. Postponed to the 3/2000 meeting. Ongoing.

37.6/99. The future role of HEP-CCC. To be put on the agenda of the 3/2000 meeting. Ongoing.

38.6/99. Choice of next HEP-CCC chairperson. F. Ruggieri pointed out that this is becoming urgent, with his mandate ending in July 2000.

3. Report from the HTASC (D. Kelsey)

A copy of Kelsey's overheads may be found at

the major topics being the experience of experiments with OO technologies, network Quality of Service and network Differentiated Services. The videoconferencing recommendations, as presented to the last HEP-CCC meeting, were also looked at again and the question was raised whether or not videoconferencing actually saves money. HTASC decided that this is not a major argument. Videoconferencing in HEP rather makes collaboration possible and saves time. The users are clearly enthusiastic about it, as VRVS use continues to grow exponentially. HTASC therefore does not want to alter its recommendations.

HEPNT

This will continue as an open forum. It met jointly with HEPiX at SLAC in mid-October. The meeting was considered to have been very successful, with good cross-attendance between the WNT and Unix sessions. The next HEPiX meeting at Braunschweig in 2000 will also be joint. Concerning W2000, HTASC confirms its view that co-ordination of HEP use of this system is a suitable topic for a subgroup. Many members are interested but a chairman has still to be identified. Suggestions are welcome.

Experience with OO technologies

HTASC decided to look at the experience in current experiments, since the LHC experiments have not yet completed a full cycle of OO use. It was hoped to include input from FNAL and CERN but at the October meeting there was only a contribution from BaBar. They comment that, given their approval in 1995, only a short time was available to develop the software. They consider it to be too early to judge whether OO software is really easier to maintain than traditional code. C++ was the only viable language when they started but it is felt to be complex and suffers from the fact that the standard is evolving. They advise a stepwise iterative approach to software writing and note the need to build an infrastructure to support the developers. They have found that training is absolutely necessary for the developers and is also needed for the users. They feel they have learned a number of lessons. They had 6-10 people in the core development team and found that these people must be in very good contact with each other. They also originally underestimated the infrastructure needs. They heavily emphasised the importance of training for both developers and users (since for the latter both the language and the paradigm are new). Many of the real issues with BaBar software, however, had nothing to do with the technology and were more concerned with procedure and project management. Overall it was an up-beat presentation. In discussion it was felt to be too early to really know if the maintenance is easier and the importance of infrastructure was again emphasised.

HTASC intends now to go on to look at experience at FNAL and CERN as well.

The only conclusion for the moment is thus the necessity of practical and timely training. Experiments should put funding aside for this. Getting the right practical level of training is felt not to be easy and in fact about three different levels are thought to be needed.

Networking

Presentations were made by O. Martin and T. Ferrari. The latter had good tutorial value and is available at the HTASC Web site.

O. Martin gave an overview on Quality of Service (QoS). The Internet traditionally delivers a "best efforts" service but some applications require a guaranteed service level. Integrated services were tried but this solution does not scale well. Differentiated services are simpler and stand a better chance of succeeding. ATM is not dead, but has not spread as expected and also has scaling problems. The Multi-Protocol Labelling Scheme allows definition of the desired routing etc. The Committed Access Rate (CAR) service is still full of bugs. The main need for QoS is seen as resulting from the way in which TCP throughput decreases spectacularly as packet loss increases. Martin also spoke of QoS monitoring.

T. Ferrari covered a range of material, starting with a QoS problem statement and passing via a variety of technical solutions to more details on differentiated services. The search for solutions was seen as leading to newer and simpler differentiated services, using the concept of aggregation, where applications with similar requirements are lumped together into classes. This improves scalability since it much reduces the amount of status information that must be kept in all the routers. She gave examples of scheduling algorithms, touched on policing and the many strategies that can be followed if congestion occurs, spoke on the characterisation of applications and summarised the work in which INFN has been involved.

In discussion it was noted that differentiated services look promising. There is no need to change the applications and there are a variety of options for the future such as Sonet and leased lines. It was felt that differentiated services could be in production within about one year.

HTASC concluded that the technique is interesting, although it is not clear that it will ever be available on the public network and no costing mechanism has yet been set up. The experience in the Czech Republic is encouraging for interactive applications but no improvement in file transfer speed has been observed. If HEP takes up this option it will not be without cost. HTASC feels it to be too early to make technical recommendations and will return to the subject in 12-18 months.

Action: Possible HEP use of Differentiated Network Services

HTASC will return to this topic ~end-2000, with a view to making technical recommendations.

Status: new.

Action: HTASC

In 2000, HTASC intends to meet at CERN on 2/3 or 9/10 March (LDAP, OO and W2000), 8/9 June, perhaps at a regional centre, and 19/20 October at CERN. Kelsey showed a list of possible items for discussion and asked for feedback.

W. deBoer commented that videoconferencing is useful not just for the collaborations but also for committees such as LEPC, and went on to ask if WNT has a future in HEP. His own institute is happy with Star Office. Several members commented on the likelihood of incompatibilities and felt that Windows would inevitably be present in the future. M. Delfino reported that CERN is seeing an increasing number of reports about document incompatibilities, many of which are traced to Star Office. This product may be satisfactory for an isolated physics community but causes problems in interaction with the administration and the engineering community. Those who pursue diversification risk finding themselves on their own. It was also pointed out that physicists with Unix desktops can use terminal server software to run applications on a remote WNT machine.

E. Valente expressed the view that ATM is not central to the QoS discussion for physics, since we live in an IP world.

4. HTASC Report on Security (T. Haas)

(Chronologically this was the last item in the afternoon, due to the availability of Haas). Haas began by listing the members of his security panel, chosen from personal preference. Unfortunately there has been no US representation. Asked by Price if he was aware of the ESnet Co-ordinating Committee on Security, Haas said no and added that he felt there to be a certain sensitivity in the US regarding co-operation on security matters. Kelsey pointed out, however, that the draft report had been discussed at the June meeting with representatives of both SLAC and FNAL present.

Referring to the mandate of the panel, Haas explained that it was valid to consider security in the HEP context since HEP computing possesses a number of particular aspects such as a small number of centres with expensive equipment and a large number of weakly controlled attached institutes.

The draft report had already been through several iterations and was now in a rather stable state. He briefly summarised its structure and the main points:

Introduction - Explains what is specific about HEP computing.

Scope - Sets out agreed restrictions, notably the limitation to network-based intrusion.

Policies -

General Measures - The importance of designating a security officer and a deputy (the minimum is to have a security contact-person). These people need to be appropriately trained. There should be adequate documentation: acceptable use policy, security guide, system administration guide.

Specific Measures - For network security, filters prevent unauthorised connections between the inside and the outside. The majority of the panel felt that many people did not desire traffic monitoring. For operating systems, UNIX issues essentially now concern Linux. It is known that use of Windows file systems over WANs is not secure. Virus detection is a must. X11 is fundamentally insecure but there are solutions to improve security. There are varying opinions on SSH. Some fear "cloaking", whereby an intruder who has cracked a password cannot be tracked down through monitoring due to the encryption in use. On balance, however, the recommendation is in favour of SSH use. This implies making SSH clients available everywhere.

Developments - There is concern about how smaller institutes will manage with certificates. Perhaps a central HEP authority is required? If so, then rapid co-ordination is needed.

Communications - A list of security contact-persons must be maintained.

Concluding, Haas said that the most important aspects to retain for immediate action were the need to provide SSH clients and to appoint security contact-persons. His panel volunteered to assemble the list of these names.

P. Villemoes wondered how the use of SSH could be handled at conferences for example. Haas replied that the golden rule was not to copy keys onto foreign machines.

F. Ruggieri was concerned that inter-laboratory communications might be difficult if individual labs become too restrictive. He felt co-ordination of policies amongst labs to be essential. Haas replied that this was difficult, citing CERN's policy to leave access rather open and monitor traffic, while other sites (e.g. in Germany) believe that monitoring is forbidden. CERN is also opposed to use of SSH because of the cloaking issue. W. Hoogland pointed out that a final recommendation of the panel would thus have to be that CERN should abandon its approach and deploy SSH.

On the question of security contact-persons, it was decided that, while HEP-CCC recommends that every institute appoint a contact-person, the actual collection of names is best left to HTASC.

Action: Security Contact-Persons

HEP-CCC recommends that every HEP institute should appoint a security contact-person. HTASC is charged with gathering the list of such people. Status: new.

Action: HTASC

5. Report from the FOCUS Committee (P. Jeffreys)

A copy of Jeffreys' overheads may be found at

He began by noting that his presentation was being made in the spirit of seeking advice after one year of chairmanship. In taking up his appointment, he had received good support from M. Delfino and feedback that was generally positive about the work of the committee. For the future, however, he would not recommend changing both the chairman and the secretary at the same time.

FOCUS topics can be characterised under three headings: policy required, review and informational, the initial aim being to spend about 1/3 of the time on each. Items may be initiated either by IT or by users. The topics covered in the last year under the "policy" heading concerned mainly platforms at CERN (PCs, NICE, the pilot Linux batch service, the Linux 2000 project proposal and migration from RISC). The topic of mobile computing will be tackled in 2000. Under the "review" heading, FOCUS heard about data storage (support for storage media will be tackled in 2000) and the LHC Computing Review. A list of further topics for the coming year has already been established (the aim is normally to have plans for the agendas of the next four meetings). Under the "informational" heading, FOCUS heard for the first time about the outcome of the COCOTIME deliberations, clearly a good idea. It also heard reports on Y2K issues and on the new printing service. In fact about half of the meeting time had been spent on reviews (leading to policy issues) and 25% on each of policy and informational matters.