College of Engineering EECS Instructional Support Group /share/b/pub/reports/managers/Spring_2005 May 2, 2005 EECS Instructional Computing - Review and Plans ----------------------------------------------- Spring 2005 CONTENTS: Email and WEB Services Current Initiatives Recent Improvements Budget Priorities Further References Notable Events Email and WEB Services ---------------------- Here is a report about computer accounts and course WEB sites: https://inst.eecs.berkeley.edu/~inst/reports/?file=pdf/ISG-Review-Sp05.pdf Summary: 1) student accounts and email: ISG and ESG create computer accounts for students in EECS classes. All EECS majors get computer accounts, email accounts and a WEB site on the Instructional computers until 6 months after they graduate. All students have CalMail accounts and no longer need an email account from us, so we plan to retire the Instructional email service by Jan 2006. 2) course WEB sites: Instructors can manage their course WEB content on the EECS Instuctional server. Other servers on campus offer other services including the course schedule and description, student enrollment and email lists, the submission of grades and a course management system. EECS ISG plans to integrate these resources for instructors using new WEB "portal" technology. Current Initiatives ------------------- 1) Compliance with new regulations: The Instructional computers, along with all other computers at UCB, must be brought into compliance with these new regulations this Spring: Data Management and Use Policy ("DMUP") http://dataintegration.vcbf.berkeley.edu/ http://datasteward.berkeley.edu/documents/ProvisionalDMUP1.1.pdf Requires identification, classification and ownership of all user data stored on UCB computers, as well as the administrators' contingency plan if that data goes offline. Senate Bill 1386 ("SB1386") http://socrates.berkeley.edu:2002/CISC/SB1386/ Identify computers that store "personal" and "protected" data, describe security of that data and contingency plan to notify people if that data is compromised. UCB Minimum Security Standards for Networked Devices http://security.berkeley.edu:2002/MinStds/ Requires firewalls on all computers, strong authentication to all networked services that transmit private data (email, file systems). Email servers must not allow unauthenticated relays of outgoing email, so users will have to login to the Instructional mail server before being allowed to send email. 2) Grant Requests Under the guidance of the CNIL committee, we are drafting proposals to vendors that invite them to make a long-term commitment to support a specific lab or class. This would establish greater continuity of resources for the students and a more visible presence for the vendor. Our students have become increasingly mobile; they want to run course software from home or from laptops over broadband and wireless networks. To meet this demand, we have increased the number and power of our application servers (UNIX 'ssh' servers and Windows Terminal Services servers). So we are also seeking blade servers, which would improve these servers by providing cluster configurations that can be adjusted to accommodate the changing demands of classes at different times. 3) Revision control server for classes A number of classes use the CVS revision control utility for source code development. CVS is somewhat difficult to master, it is UNIX- centric and we are using ssh1 (old) as an authenticion mechanism. So we intend to improve this by maintaining a central revision control server that can be accessed more easily from Windows as well as from UNIX. We are likely to use a more up-to-date utility called "subversion" rather than CVS. We have not implemented the Microsoft Visual Source Safe because it is does not work well on our multi-user workstations and it does not work with UNIX. 4) Improve Instructional WEB-based services for instructors. Currently, the development of EECS course WEB sites is inconsistent. Some classes have WEB sites that are well-maintained by the teaching staff, while other sites are left with old or inconsistent data. ISG provides a WEB server (inst.eecs), disk storage and technical assistance about the WEB sites. The teaching staff maintain the content. ISG will provide newer tools to help the teaching staff obtain, edit and archive the content of their sites. This will integrate information from other campus WEB resources to facilitate course administration. This may include WEB site publishing, access to students by email and newsgroups and access to the new campus GradeBook service. 5) Vodaphone Wireless Lab 111 and 117 Cory are being converted into a new lab for courses in wireless techlologies. EECS has received a large grant for this new curriculum. The classes will include: EECS117, EECS217, EECS221A, EECS226A, EECS224, EECS225x, EECS229, EECS290, EECS298, CS294. The lab is managed by Ferenc Kovac and may be shared with research groups. 6) NetApp fileserver and Overland AIT-3 Tape Library IDSG and NetApp donated an older NetApp file server to Instruction. Instruction purchased new Overland AIT-3 Tape Library ($11,900). Instruction has arranged a new, low-cost service contract on the NeteApp with Berkeley Communications. The NetApp has these features that are new for us: - 100MB disk quotas for our long-term 'named' accounts (up from 60MB) - a single "tmp" file system on UNIX and Windows systems - "undelete" using the hidden ~/.snapshot directory - disk mirroring to a redundant backup server - (the Solaris "ACL" extended file permissions are no longer valid) The NetApp has 1.5-TB of active disk space. The Overland PowerLoader has 3.8-TB storage capacity. Dual tape drives raise the transfer rate to 86-GB/hour and permit tape duplication for off-site storage. Based upon our current rate of use, we need a tape capacity that is about 3 times that of the disk capacity to archive daily dumps for an entire semester. So we will use some of the NetApp disk space for storing the incremental dumps. Recent Improvements ------------------- 1) Intel grant: new servers for Linux, rendering and Terminal Service We received a grant from Intel in Spring 2004 for 4 new DELL 1750 servers. We are running several Windows Terminal Servers on each of them by running vitrual Windows computers within VMware under Linux. This will benefit EE classes that are primarily using Windows applications. We originally planned to use them to run Cadence on Linux for EE141, but we found that Cadence could not run on them. Cadence only runs on an old version of Linux, and there are no drivers in that version of Linux for the modern ethernet and SCSI controllers that are build into the motherboards of the DELL 1750 servers. 2) The EECS network group extended the campus AirBears wireless network to floors 1-3 in Cory Hall and 2-4 in Soda Hall in June 2004. Students with their own wireless laptops can access AirBears for free in the all Instructional labs and elsewhere on campus. (http://inst.eecs.berkeley.edu/cgi-bin/pub.cgi?file=laptops.help) 3) EECS upgraded the Instructional Computer Graphics lab (349 Soda) with 14 Macintosh G5s. These were funded joinly by the Weiner Fund, EECS Instruction and faculty donations. (http://inst.eecs.berkeley.edu/~kevinm/349Soda) 4) EECS Instruction purchased 2 new SUN V440 servers to improve the computing resources for classes such as EE141 (Cadence) and CS186 (databases). These servers are called "pulsar.eecs" and "quasar.eecs". We traded in the older "pulsar" and "quasar" (Sun E5000s) and "mingus", our HP N-class server. These older servers were at least 5 years old. 5) 'named' accounts on Windows Instructional 'named' accounts are now created on Win2K as well as on UNIX (started in Feb 2004). Students who qualify for these accounts include all EECS ugrad and grad majors, as well as students in many EECS classes. The 'named' account is potentially a student's one and only Instructional account. For EECS majors, it does not expire each semester. (We do still create specialized 'class' accounts for some classes, notably the CS Lower Division and several EE lab classes). Instructional 'named' accounts have been on the Instructional UNIX systems for over 15 years, but we have only created 'class' accounts on Windows until Feb 2004. The Instructional and IDSG groups needed the time to establish procedures for coordinating our user entries in the shared departmental Windows database. Some of the benefits to this include: * Our Windows computers are now available to many classes (notably EE upper division) that were formerly limited to UNIX. They need this because their CAD software is increasingly available on Windows and we have reduced the number of UNIX seats as our lab space has shrunk. * These Instructional users will no longer be dependent upon UNIX labs. They can still login to UNIX from Windows labs if needed. * These Instructional users may not need an additional Windows 'class' account just to access Windows software. This will reduce the number of class accounts we have to create each semester. * For EECS majors, the Instructional accounts on Windows will remain active as long as they are here. For more information about the Instructional computer accounts, see http://inst.eecs.berkeley.edu/cgi-bin/pub.cgi?file=Named-Account-Policy 6) Previous semseter achives on-line CS faculty often need to review student files from the previous semester to resolve grading conflicts, etc. This has always been difficult once we have archived the data to tape and deleted it from the disks. So we have set up a new server called "timewarp.cs" that is a snapshot of the environment at the end of the semester, and make that available to instructors during the next semester. 7) hanging gardens in Soda labs Thanks to the efforts of Jeffrey Varga and other members of the CSUA, the second floor Instructional labs in Soda Hall now have an arboreal grace, due to the silk plants they recently installed. Jeffrey patiently sought the approval of the department bureaucracy and presented a convincing case for this. Our labs now rival the ancient Gardens of Babylon as one of the wonders of the world. 8) free Microsoft sofware for EECS students at home Free Microsoft software downloads are now available to students in EECS classes (started in June 2003). Microsoft donated a file server and software licenses so that EECS students can obtain copies of Windows, Visual Studio/.NET compilers and other applications. This service helps our students by allowing them to do assignments using Microsoft software on their home computers. It helps the department because it will reduce the demand for access to Win2K computers in our labs. The procedure starts at http://msdnaa.eecs.berkeley.edu. 9) InstCD v 4.0 The fourth version of the Instructional Software CD has been prepared. It has a new version of the "Stk" program that CS Lower Division classes use to implement UCB Scheme, as well as updates to several shareware applications. We will have 1000 copies made for Summer 2005. We have not burned hard-copy CDs for 2 years, while the instructors who use UCB Scheme resolved some discrepancies in their expectations. The contents of the InstCD are free to all students in EECS classes. (http://inst.eecs.berkeley.edu/~instcd). 10) Lab Fee for Excess Printing We have started a policy of enforcing printer page quotas. We were approved by COE to charge students for printer use beyond a free quota that is based upon the classes they are in. Our goal is to control costs (not to make money). Instruction has a 5% budget cut this year, and other student labs on campus (IS&T, Res Halls) already impose printing fees. Our current quotas for free printing are computed as: 25 pages per course credit, and 25 additional pages if you are a CS or EE undergraduate or graduate. We will charge $12 for an additional 200 pages. The quotas are reset each semester and purchases are not refundable. Students can check their quotas and authorize us to bill them for more pages via http://inst.eecs.berkeley.edu/webacct/. 11) CAD Tools Software Synopsys purchased Avanti! last year and now provides 3 major CAD tool packages that are used in EECS: SYNOPSYS, TCAD and HSPICE. Instruction has purchased licenses for all of these via the "University Bundle". We are sharing these licenses with researchers such as the Device Group. Budget Priorities ----------------- Instruction will sustain a 12% budget cut ($60K less) in FY 04-05. We will reduce staffing to save about $30K in salaries. We hope that our new print quotas will reduce the cost for printing by as much as $30K. Other savings will come from a reduction in the updating of items such as computers, lab equipment and lab furniture. Current needs that may be deferred include: - 20 new chairs for labs ($6000) - 1 new multi-processor CPU server for CAD applications ($45000) Further references ------------------ http://inst.eecs.berkeley.edu/~kevinm/citris/ http://inst.eecs.berkeley.edu/~iesg/iesglabs.html Notable Events -------------- Here is the "notices" log from Spring 2005. Please see http://inst.eecs.berkeley.edu/notices.html for current events. --------------------------------------------------------------------------- June 16 - password is required to send email To increase the security of email, UC Berkeley now requires that email servers must authenticate the sender's identity before allowing them to send email. This is done by having the user login to the mail server via a WEB site or via a mail client program such as Outlook or pine. This is distinct from logging onto any particular desktop computer; you will have to do it whether you are logged in from home or from a computer in an EECS lab. If you already login to a server to access mail, you may not need to change anything. If you are not typing a password at all to access email, you will probably have to change your email settings or use a WEB mail client. The easiest way to do this is to logon to a WEB mail site such as: http://imail.eecs.berkeley.edu = "Imail" (EECS Instructional users) https://imap.eecs.berkeley.edu = "Imap" (EECS research users) http://calmail.berkeley.edu = "CalMail" (all UC Berkeley users) You can also configure common email clients such as Outlook, Euroda, pine or mutt for this, by setting them to use SMTP AUTH. Here are instructions for using CalMail and Imail: http://bert.berkeley.edu/calmail/help/secure The CalMail instructions also work for Imail; just replace the server name calmail.berkeley.edu with imail.eecs.berkeley.edu in the instructions and use your EECS Instructional UNIX logon name and password. Here are instructions for using the EECS Imap email: https://iris.eecs.berkeley.edu/news/2005/0315-Outgoing_E-mail_Serv-146.shtml --------------------------------------------------------------------------- June 9 - UNIX logins will unavailable Mon June 13 from 10am-6pm Instructional UNIX logins will be unavailable on Mon June 13 from 10am-6pm while we reconfigure the UNIX home directory server. --------------------------------------------------------------------------- Apr 4 - authnews.berkeley.edu was down authnews.berkeley.edu was down for most of the day on Monday April 4. It is not run by EECS and we do not have any information about the service outage. We notified the group that runs the campus USENET service, and we reported it to the campus Trouble Desk. These are WEB sites that might have posted information about it: http://www.net.berkeley.edu/usenet/aus/ http://systemstatus.berkeley.edu the newsgroups ucb.news and ucb.usenet authnews.berkeley.edu is the server for off-campus access to UC Berkeley news groups. For alternatives, please see http://inst.eecs.berkeley.edu/connecting.html#news --------------------------------------------------------------------------- Mar 18 - This work has been postponed These servers will [NOT] be down from 9am-6pm on Wed March 23: cory.eecs - including the HSPICE license server bisc.eecs - including the CADENCE license server (run by BSAC) po.eecs - including the program to change UNIX passwords c199.eecs - including the SunRays in 199 Cory iserver1.eecs - Linux login server iserver2.eecs - Linux login server This is to reduce the heat in the machine room while maintenance is done on the air conditioners. This is during Spring Break. --------------------------------------------------------------------------- Mar 11 - UNIX disk quotas look different now We re-enabled disk quotas on the UNIX home directories today. The command 'quota -v' returns a different output that it did before the server failure last weekend. It now looks like: Disk quotas for foobar (uid 33495): Filesystem usage quota limit timeleft files quota limit timeleft /home/aa 3428 100352 102400 237 -1 -1 /home/cc 3428 100352 102400 237 -1 -1 /home/ff 3428 100352 102400 237 -1 -1 The home directory for each user is only on one file system, and previously only one file system was listed. However, we restored everything onto a single file system on a new server, then mounted it in 3 pieces to retain the previous file paths. So each of the 3 "file systems" listed above are really reading the data from a single file system on the new server. The 'quota' command doesn't know that, though! We hope to correct that soon. As before, if you get a "disk quota exceeded" error, you can clear some files yourself to get back under quota. Please see http://inst.eecs.berkeley.edu/cgi-bin/pub.cgi?file=disk.quotas for ways to login, commands to type and how to access the quota-less /home/tmp file system (aka \\ping\tmp on Windows). If you are unable to clear your own files, please ask us for help (inst@eecs, 278 Cory, 386 Cory, 333 Soda). --------------------------------------------------------------------------- Mar 10 - cory.eecs was down, 5:30pm-7pm Cory.eecs (UNIX login server) crashed at about 5:30pm because of operator error. We had to reboot from CD to fix it. [I accidentally overwrote a system library. I really apologize if anyone lost work - kevinm]. Cory.eecs is the license server for Synopsys and Hspice. --------------------------------------------------------------------------- Mar 7 - UNIX home dirs and email are back in service A full incident report is available: https://inst.eecs.berkeley.edu/~kevinm/manage/?file=Incident-Report-Mar05.pdf Mar 7 11:40 PM - Here is a progress report: /home/aa (named accounts) - up at 11am Monday /home/ff (instructor accounts) - up at 3pm Monday /home/cc (class accounts) - up at 11:30pm Monday incoming email to @imail.eecs - resumed at 11:40pm Monday Some files in CS182 and CS198 accounts may not have been restored properly. We will follow up on that on Tuesday and notify the instructors. We _really_ appreciate how patient everyone has been about this. We know it stalls the progress of your coursework and creates an even bigger workload for you to catch up. The problem: The Instructional UNIX file server suffered a hardware failure around 10am Saturday March 5th. This causes logins to the UNIX systems to freeze up, with "NFS timeout" errors. It also causes incoming email to imail.eecs to be deferred (but not lost), and class WEB pages can't be accessed under http://inst.eecs.berkeley.edu. For more symptoms, please see "Downtime Symptoms" below. Mamba.cs, the UNIX file server, had a RAID disk failure with misleading symptoms. First it indicated that 2 drives had failed, but we were able to bring those back on-line. Then a third drive failed, and that is really a hardware failure. We have replaced that drive with a spare, but the sequence of events caused the continuity of the RAID array to be lost. Some data on the original file systems were corrupted, so we are restoring the file systems from tape (132-GB from tape at about 5-GB/hour). We posted signs in the labs and on the computer login messages to notify the students. --------------------------------------------------------------------------- Mar 4 - some UNIX home dirs and email were inaccessible today The Instructional UNIX file server stopped exporting home directories at about 3:30am today. See "Downtime Symptoms" below for a list of the symtoms. It was fixed on most computers, including the Instrucional WEB server, by 9am. We did another check of all the computers at 3pm. However, we didn't discover some problems until later in the day. For example: /home/ff was remounted to cory.eecs at 2pm /var/mail was remounted to quasar.cs at 5pm Please report any problems to inst@eecs.berkeley.edu or call 643-6141. --------------------------------------------------------------------------- Feb 23 - Home dirs inaccessible on the Macs Users on the Macs in 199 Cory and 349 Soda are unable to connect to their home directories (on mamba.cs). This was caused by a recent security enhancement to mamba.cs. This will be fixed on Thursday morning. --------------------------------------------------------------------------- Nov 2004 - Security alert: Internet Explorer Active scripting is disabled Users of Internet Explorer may be prompted repeatedly for permission to run scripts on the page. This is because the sys admins have disabled the "Active scripting" feature of Internet Explorer on most EECS Instructional Windows computers because of a security flaw for which there is no patch yet. Users are advised to use a different WEB browser (Mozilla, Firefox or Opera) to avoid this. For information about the security flaw, please see http://www.kb.cert.org/vuls/id/842160 --------------------------------------------------------------------------- Nov 2004 - remote logons to Windows accounts You can logon to your Instructional Windows account from other computers using the Terminal Services utility. You need the Terminal Services or Remote Desktop Connection client program on your computer to do this. It is included in newer versions of Windows. You can download this client for free from Microsoft at http://www.microsoft.com/windowsxp/downloads/tools/rdclientdl.mspx It is also available from "C:\mstsc files\" on the computers listed below. We have enabled these lab computers for remote logons: IP Address (WINS hostname) ------------ --------------- 128.32.48.29 (199-2) 128.32.48.27 (199-3) 128.32.48.79 (199-4) 128.32.48.30 (199-5) 128.32.48.81 (199-6) 128.32.48.73 (199-7) 128.32.48.68 (199-8) 128.32.48.26 (carter) 128.32.48.89 (ella) 128.32.48.93 (motian) 128.32.48.60 (previte) 128.32.48.87 (tatum) 128.32.48.53 (tyner) 128.32.48.78 (wes) Note that you need to use the IP address from a computer outside of EECS, because the WINS hostnames are only meaningful locally on the EECS subnets. PLEASE LOGOUT BY SELECTING Start->Shutdown->log off rather than by clicking on the X at the upper right corner. Otherwise, you will only put your remote logon to sleep and therefore block others from access. This service is not as efficient as remote logins to UNIX computers. Each computer will allow only three remote users at a time. For more information, please see http://inst.eecs.berkeley.edu/cgi-bin/pub.cgi?file=microsoft.help --------------------------------------------------------------------------- March 2004 - Printer usage quotas are now in effect Instructional UNIX and Windows accounts now have page limits on the Instructional shared printers in Soda, Cory and Hearst Field Annex. The print quotas this semester are computed at 25 pages for each course credit that the account is being used for. In addition, students who are EE or CS undergraduate of graduate majors are given an additional 25 pages per semster on their print quotas. The print quotas are reset each semester. Unused pages will NOT be credited to you in future semesters. If you exceed your print quota, your next print job will be replaced with a "QUOTA EXCEEDED" page. That page explains that you can logon to http://inst.eecs.berkeley.edu/webacct to view your print quota allocation and to purchase additional pages. Pages that you purchase will be billed to you, at a rate of $12 (non-refundable) for 200 pages. --------------------------------------------------------------------------- Jan 2005 - newest EECS Instructional CD is delayed EECS Instruction provides the InstCD for students in our courses. The CD contains a collection of public domain software used in EE and CS courses. It is provided free by EECS Instruction for students to use on their home computers. We have run out the old version (v3.0) and the new version has been delayed. In the meantime, students can download the programs they need from the on-line copy of the CD, at http://inst.eecs.berkeley.edu/~instcd --------------------------------------------------------------------------- Fall 2004 - Forgot your password on the Instructional computers? For named accounts: Login as 'newacct' (password 'newacct') again (in 199 Cory, 273 Soda or 'ssh' to cory.eecs.berkeley.edu). Enter your Student ID number. Then select the new "p" option for resetting your password and reprinting a form. The form will be printed the next weekday and will be available in 391 Cory after 1pm. Named accounts look like 'gbush' or 'bclinton'. For class accounts: Go to the sys admin staff for the lab you are assigned to use (see http://inst.eecs.berkeley.edu/~inst/iesglabs.html). Bring your initial class account form or student ID card. There is no on-line procedure for resetting the password of a class account. Class accounts look like 'cs61a-aa' or 'ee141-agore'. --------------------------------------------------------------------------- May 2002 - your LOST+FOUND directory
Mamba.cs, the Instructional UNIX home directory server, crashed on April 29 and was down for 33 hours. For an explanation of the circumstances, please see the Spring 2002 Managers' Report (http://inst.eecs.berkeley.edu/~inst/?file=Spring_2002). A number of files and home directories were not restored to their proper names and locations. When we couldn't determine where the files should go, we put them a directory called LOST+FOUND in your UNIX home directory. Please see the LOST+FOUND/README file for an explanation of how you can read these files, and ask us for help inst@cory.eecs.berkeley.edu if needed. --------------------------------------------------------------------------- Downtime_symptoms These are possible symptoms when UNIX email or home directories are missing: - when you try to login the screen freezes - you see the error message "home directory is /" - session hangs up if you try to 'ssh' into an Instructional computer - unable to read WEB pages from the http://inst.eecs.berkeley.edu - lots of annoying "NFS timeout" error messages on your screen - new email deliveries will be delayed on imail.eecs While the server is down, you may not be able to logout in our labs because you can't type any commands. On a SunRay, even turning it off doesn't log you out. The support staff check the labs after events like this to be sure everyone gets logged out. We also post information about the problem at http://inst.eecs.berkeley.edu to help students find out when the problem has been fixed. So all you can really do in this case is to wait until the problem is fixed, go back to the lab (or login to the SunRay server for that lab) and log yourself out, or let us log you out. We disable email receipt and relaying through imail.eecs when the home directory server (mamba.cs.berkeley.edu) is down. No mail is lost. Computers that send mail queue messages that are not accepted by a remote server, and they resend the messages periodically until they are received. --------------------------------------------------------------------------- For additional information, please contact us: Kevin Mullally, ISG Manager | Ferenc Kovac, ESG Manager EECS Instructional Support Group | EECS Electronics Support Group 378 Cory Hall, (510) 643-6141 | 380 Cory Hall, (510) 642-6952 kevinm@eecs.berkeley.edu | ferenc@eecs.berkeley.edu | http://inst.eecs.berkeley.edu/ | http://iesg.eecs.berkeley.edu/ | UNIX, Win2K computers and software | Win2K computers, software and in drop-in labs; email and UNIX | equipment in electronics labs, accounts; UNIX login servers; | AV services. class and student WEB sites. | source: ~inst/public_html/reports/managers/Spring_2005