CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Alberto Di Meglio, Ivan Deloose, Per Hagen, Frédéric Hemmer, Alberto Pace Information Technology Division - CERN

At CERN

Progress ReportProgress Report

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

OutlineOutline

• Pilot experience

• Plans for production services• Home directories• Migration out of Novell Netware • Migration out of NT4 • Tools• Application distribution

• Next Steps

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Windows 2000 Pilot ExperienceWindows 2000 Pilot Experience

• ~ 150 systems• 30 Windows 2000 Servers• 130 Windows 2000 Professional• 2.5 % of expected scope

• Variety of users • … but mainly volunteers

• Variety of platforms• Laptops (15)• 90-800Mhz, 48->512 MB

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

General problems encounteredGeneral problems encountered• DFS FRS on large volumes sometime fails

• Maybe due to staging space limitations• Decided to switch FRS off for Home dirs.

• SMS software metering sometimes fail• Will see if future versions solve this

• DNS integration with Unix bind was not easy• Server backup SW long to arrive• Some problems with portable and PNP/Modem/APM

have been observed• Cleared by a reboot

• Support for some devices is still flaky• E.g. GSM, HP consumer printers

Overall impression Overall impression positivepositive

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Windows 2000 on PortablesWindows 2000 on Portables

• Benefits• All your documents can be made available for

offline use• Hibernate/Standby support• DHCP• PnP• Resilient to network/server failures

• Problems• Some PnP problems appearing occasionally

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h Windows 2000 Desktop StabilityWindows 2000 Desktop Stability

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

OutlineOutline

• Pilot experience

• Plans for production services• Home directories• Migration out of Novell Netware • Migration out of NT4 • Tools• Application distribution

• Next Steps

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Home DirectoriesHome Directories

WINDFS02WINDFS01

WINIT01

adimegadimeg

Users\a\adimeg

Users\z

Users\a\azuWINEP01

azuazu

But …

•Initial pilot proposal based on a divisional structure

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Problems with this approachProblems with this approach

• MS recommends maximum 1000 DFS mount points• There are more than 8000 users• We ran into the limit where no more links

could be created (September 2000)

• Automatic creation of users gets complicated• A lookup on every div is necessary• Users change from div to div

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Physical structure (II)Physical structure (II)

WINDFS02WINDFS01

WINDIV01

adimegadimeg.

.

.

Users\a

Users\z

WINDIV26

zhyonzhyon

azuazu

So alphabetic ordering was implemented

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Architecture limitation ?Architecture limitation ?• With this approach, all accounts with the same

initial letter must be on the same physical server• All home directories must be hosted in 26 servers

maximum

• However …• Better that divisional approach where all home dir had

to be hosted in max 11 servers• In all cases, project space can be used to offload

home directory servers if necessary• With present technology, all home directories could

be hosted in 4 servers – there is lot of space for growth … (especially because server technology evolves very fast)

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Logical StructureLogical Structure

UsersUsers

aa

ProjectsProjects

cern.chDfs Tree

zz

LHCBLHCB

adimegadimeg

harveyharveyscratchscratch

ApplicationsApplications

SystemsSystems

azuazu

……

……

New Mount PointsOld Mount Points

Unlimited evolution (several thousands mount points possible)

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Macintosh supportMacintosh support

• Should we offer Appleshare services from DFS ?• File services for the Mac are one

generation behind services for Win• Can compromise the stability of the DFS

service (as it did with Novell in the past)• Only for a minority of users• Still unclear if the Mac will be a supported

platform at CERN

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

OutlineOutline

• Pilot experience

• Plans for production services• Home directories• Migration out of Novell Netware • Migration out of NT4 • Tools • Application distribution

• Next Steps

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

NetWare Migration to W2000NetWare Migration to W2000

• A nightmare, largely underestimated• Multiple name spaces• Support for Macintosh• Historical situation grown from 1990

• Large number of accounts (>8000)• Large number of groups (>800)• Large number of (old) files (10 M)• Complex file protection scheme

– Not directly mappable to W2K

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

ScenarioScenario• Migrate NW file systems to NTFS5

• CERN NT domain (not W2K pilot)• Keep UNC paths unchanged (user transparent)• No NT4 servers

• Successful reliability and performance results win2000• Better ACL mappings (inheritance, special rights)

• Name spaces• DOS-OS2 (long names), MAC, NFS

• Different server types• Workgroup servers, MAC only servers, NICE

application servers, divisional servers, home directory servers

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Technical ProblemsTechnical Problems

• MAC name space• NW provides APIs to extract AFP

resources (icons, MAC name), but no Win32 API to write these back to a NTFS server -> Use a Mac to transfer files

• The Mac does not copy ACL and all security related information

• NFS name space• No solution for automated file

ownership/rights migration

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Migration sequenceMigration sequence

Netware server

W2K server

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Migration sequenceMigration sequence

Netware server

W2K server

1 - Get a PC (NT4 – 32bit NW client)

2 - Create Directory structure file DOS, AFP name space (NDSDump)

3 - Create Directories on target server

4 – Generate Trustee &NW Group member files

NTMigrate (Win2000)

5 – Convert users, groups and file rights

5 – Create groups and add members

6 – Set ACLs on directories7 - Get a Macintosh

8 – Copy files using DirStruct file (speed)9 – Rename directories DOS -> Mac name

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

NetWare Servers migrationNetWare Servers migrationServer Files Directories GB Home Dirssrv1_home 979832 165935 59.2 2017srv2_home 755757 88993 59.37 642srv3_home 717329 122990 52 1245srv4_home 1245558 227270 56.98 3948srv5_home 317218 57803 20.98 720

4015694 662991 248.53 8572srv1_div 395830 32699 59.2srv2_div 406373 38836 47.99srv3_div 154572 11321 30.78srv4_div 288426 54488 59.06srv5_div 541471 7736 46.4srv6_div 40250 2532 31.81

1826922 147612 275.24srv0_nice 803410 88181 42.35srv1-5_nice 4017050 440905 211.75Totals 10663076 1339689 777.87 8572

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Problems Encountered ?Problems Encountered ?• Client for MS sometimes not correctly configured

• Manual fix

• Netware/NT Password not synchronized• Manual / automated fix

• ftp access syntax changed• New syntax to learn, scripts to modify

• Manual drive mappings• Needs to be recreated

• No root mapping• Kludge exist on NT; nothing on W95

• Trustee manager not available• Trustee manager written

• Disconnected portable take time to logon• Eject PCMCIA Ethernet adapter

• Home Directories are browsable• Feature, similar to AFS

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

OutlineOutline

• Pilot experience

• Plans for production services• Home directories• Server Migration out of Novell Netware • Server Migration out of NT4 • Tools • Application distribution

• Next Steps

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

NT 4 Server Migration to W2000NT 4 Server Migration to W2000

• WINS Servers done

• Domain Controllers done• Including remote DCs in experiments

• CERN Domain promoted to Win2000 native mode

• In-place upgrade

• Mostly transparent to users

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

OutlineOutline

• Pilot experience

• Plans for production services• Home directories• Migration out of Novell Netware • Migration out of NT4 • Tools • Application distribution

• Next Steps

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Tools that had to be developedTools that had to be developed• Printer Wizard• Trustee Manager• Group Manager• User Registration Services• Computer Registration Services• To be done

• Password recovery, “Administrators” Local Group management, Local Administrator Password recovery, Computer Account Reset, User Profile recovery and reset, quota enforcement, quota management …

DEMO

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

OutlineOutline

• Pilot experience

• Plans for production services• Home directories• Migration out of Novell Netware • Migration out of NT4 • Tools • Application distribution

• Next Steps

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

0

200

400

600

800

1000

1200

1400

1600

1800

2000

Net

scap

e M

ail

Net

scap

e N

avig

ator

Acr

obat

Rea

der

Wor

d

Exc

el

Exc

eed

X S

erve

r

Ftp

Inc

Tel

net

Pow

erP

oint IE

File

Mak

er P

ro

GS

Vie

w

Fra

mem

aker

Pro

ject

Pin

e

Mic

rogr

afix

Des

igne

r

Ftp

Inc

FT

P

Dre

amW

eave

r

Exc

eed

Ftp

Out

look

Acc

ess

Pai

ntS

hopP

ro

Win

Zip

Exc

eed

Tel

net

Pho

toP

aint

Cor

elD

raw

Fro

ntP

age

Illus

trat

or

NC

D P

CX

War

e

Out

look

Exp

ress

LVie

w

Pub

lishe

r

Net

Mee

ting

Ftp

Inc

3270

Applications

< 100

< 20

< 40

Application Concurrent UsageApplication Concurrent Usage

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Managed ApplicationsManaged Applications

• Part of OS• Internet Explorer

• Assigned to Computer (using MSI)• MS Office 2000

• Access, Excel, FrontPage, Outlook, PowerPoint, Word

• Acrobat Reader, Printing Package, Phone Book, Winzip, anti virus, and other tools …

• Published to User (using MSI or ZAP)• MS Project, MS Publisher• Remedy• Exceed

All most used functionalities are provided

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Application DeploymentApplication Deployment

• Still unclear to what extent SMS will be used• We are trying to deploy using mainly MSI

and ZAP files• In order to use ZAP files, the

“Administrators” local group has to be managed

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Comparing SMS 2.0 and Win 2000Comparing SMS 2.0 and Win 2000Windows 2000 SMS 2.0

Application deployment New OS deployment OS update deployment User settings management User data management Hardware / software inventory Remote tools Software metering Network analysis / diagnostics Health monitoring

Only overlap is in software deployment!Only overlap is in software deployment!

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

SMS QuestionsSMS Questions

• Are there any privacy issues?

• Do we have to restrict access to these tools? To whom?

• Do we have to include special clauses in outsourcing contracts ?

• Do we have to have our own staff to sign something ? (cf. HR data).

• How do we publicize this ?

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Few words on an hot topicFew words on an hot topic

• Netscape is currently the most used app at CERN

• But we see a dark future …• Netscape 4.7 has not been made available

(as a managed app.) in the pilot• No SMS/MSI install available• No CERN customization available• Repackaging risk to be difficult• IE 5.x integrated in the OS• Outlook now part of Office (with MSI)

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Current ProposalCurrent Proposal

• Recommend Internet Explorer and Outlook 2000 as the browser and mail client for Windows 2000• Apparently stable• No CERN specials anymore • Bookmarks and Address Books can be imported• IMAP mails & structure unchanged• Deployment of collaborative tools possible

(calendaring, groupware, video conferencing, …)

(under discussion)(under discussion)

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

W2KMTFW2KMTF• The current question is now:

• How to proceed with the next steps, I.e. how do we go from the current NICE 95/NT to NICE 2000 and what timescale ?

• Applications: many of them, overlapping functionality, support not always clear, work needed to repackage ?

• At what speed are the divisions/experiments ready to migrate ?

• What are the show stoppers ?

• A working group has been setup• Windows 2000 Migration Task Force• First meeting scheduled the 7th of November• More than 30 participants …

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

OutlineOutline

• Pilot experience

• Plans for production services• Home directories• Migration out of Novell Netware • Migration out of NT4 • Tools • Application distribution

• Next Steps

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

Next StepsNext Steps

• Define automated installation procedures • Unattended W2K setup + assigned applications• sysprep / disk image for new PC’s & portables

• Develop missing tools• Repackage missing applications

• Once the application set has been decided …

• Customize mail client for CERN environment• And finally, start migrating client computers

• 4000 PCs, 2 hrs/PC 5 man*years

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h

ScheduleSchedule

PrototypePrototype

Windows 2000 PilotWindows 2000 Pilot

Jan Feb Mar Apr May Jun Jul Aug Sep

Proof of concepts

Applications availability with MSIMigration scenarios

Checkpoint

Oct Nov Dec Jan Feb

Coexistence & Migration plan

NICE 2000 with minimal set of apps

NICE 2000NICE 2000

(today)(today)

NICE 2000NICE 2000

(February 2000)(February 2000)

NICE 2000NICE 2000

(July 2000)(July 2000)

CE

RN

- E

uro

pea

n O

rga

niz

atio

n f

or

Nu

cle

ar

Re

sea

rch

C

ER

N -

Eu

rop

ean

Org

an

izat

ion

fo

r N

uc

lea

r R

es

earc

h