...
- Outcome of additional pricing discussions with MTI.
- The MTI contract and SLAC purchasing.
- Status of hardware purchases
- Assembly/Integration planning
- Extending the open SLAC network through the VPN tunnel
Attendees:
Amedeo Perazzo, Jean-Raymond Pierre, Charles Granieri, Gary Buhrmaster, Ric Claus, Bob Cowles
Discussion:
- MTI has provided a revised quote for the tail circuit to SASS.
- Linda Price (GLAST Project Controls Manager) is investigating the proper way to proceed for the service contract.
- PR's for the Cisco switches and the Nokia IP380 are in the system, with Teri Church as the buyer.
- Assembly location for the rack likely B33.
- SLAC Public Network Access:
- Bob approved the proposal to extend a SLAC public subnet through the VPN tunnel to NRL/SASS.
- Only centrally-managed Windows or Linux systems may be attached to this subnet.
- Workstations on this subnet will not have Internet access.
- Connected systems must be registered in CANDO with static IP addresses (no DHCP).
- We need to get the additional switch in place and the firewall configuration updated ASAP since MCR will be shipping to NRL soon.
- JP was able to reproduce the poor transfer rates across the Nokia firewalls, and is contact with the manufacturer to determine more optimized settings.
Actions:
- Bryson to work with Linda Price / Diana Vierra to get PR's issued for MTI and ASU network services.
- Charley to create a new public subnet and provide&configure a 24-port 10/100 switch.
- JP to update the firewall configuration for the public subnet.
Wednesday, 5 April 2006
Agenda:
- Any SASS/MTI local-loop news
- Revisit security policy re: SLAC PUB network through VPN tunnel to NRL/SASS.
Attendees:
Amedeo Perazzo, Jean-Raymond Pierre, John Canfield, Charles Granieri, Gary Buhrmaster, Ric Claus, Neil Johnson, Bryson Lee
Discussion:
- SASS has received a proposal/contract from MTI for the Phonenix-to-Gilbert connection.
- Project management has approved the purchase of the DMZ/Telco Rack equipment.
- To support an additional SLAC-public VLAN in the MCR, we are adding a Cisco 3750-24 switch to the purchase.
- We need to make another attempt to pitch for a separate SLAC-public network segment for e-mail, NCR's, etc. for the off-site LAT personnel at NRL/SASS.
Actions:
- Gary to review the MTI contract and forward it to Bryson.
- Charley / Rodney / JP to proceed with purchase requests for the equipment.
- Bryson to schedule another discussion with Bob Cowles regarding the SLAC-public network needs at NRL/SASS.
...
- Review system description and network diagram (MSWord)
- Finalize cost estimate
- T3 one-time and recurring costs.
- Policy on use of spare firewall vs. new purchase
- reprogramming turn-around time
- re-use spare Checkpoint license?
- NRL topic: "office"/public network connectivity.
Attendees:
Len Moss, Charles Granieri, Gary Buhrmaster, Ric Claus, Neil Johnson, Bryson Lee
Discussion:
- Summary of SLAC/ASU/CENIC/SASS Networking telecon:
- SASS will assist SLAC in provisioning a circuit from the FOF to the Sterling Networks DataCenter in Phoenix.
- SASS has recently provisioned fiber-optic circuts to the FOF through Mountain Telecommunications (MTI), and will obtain pricing and service contract information from them on SLAC's behalf.
- This circuit will cross-connect to the ASU border router (collocated in the datacenter). There is a one-time $1500 charge for the cross-connect.
- ASU will pass the traffic onto a CENIC circuit to the CalREN-HPR backbone in Riverside, CA. ASU will pass on their bandwidth cost to SLAC at $1450/month for this service.
- Stanford is a CalREN hub site, so the traffic will flow to SLAC via Stanford.
- SASS will assist SLAC in provisioning a circuit from the FOF to the Sterling Networks DataCenter in Phoenix.
...
- There was at one time a plan to provide an additional network on the MCR that would be an extension of the SLAC Public network, to allow for a small group of machines at NRL with general access to SLAC resources such as e-mail and the NCR database. Gary recalled this discussion, but did not know if it had been dropped for some good reason, or simply forgotten.
Actions:
- Bryson will finalize the cost estimate in the system description document for presentation to the project next week.
- JP will provide an estimate of the turn-around time required to reprogram a Nokia firewall, should we decide to repurpose one of the existing spares for pre-positioning at SASS.
- JP will comment on the feasability of providing an extension of the SLAC public network through the VPN tunnel to support a small group of general-purpose desktop computers for LAT personnel stationed at NRL during environmental testing.
...
- MCR location after LAT integration to spacecraft bus.
Attendees:
Bryson Lee, Len Moss, Charles Granieri, Jean-Raymond Pierre, Gary Buhrmaster, Rodney Wong, John Canfield
Discussion:
- SASS/CENIC link: A telecon is scheduled for Wednesday, 29 March among the various players.
- Charley provided refined pricing for the Nokia IP380, Checkpoint license, and Cisco 3560G switch
- Decided to use the same HP enclosure (36U) as the MCR, and install two model 2200RM UPS's with NEMA 5-20P plugs. There are already multiple 120V/20A circuits available at SASS.
- We recommend that LAT personnel familiar with the I&T flow perform a site survey at SASS. One potential concern is the distance between where the telco/DMZ rack will be positioned, and where the MCR will initially be set up for the post-arrival checkouts. It might be possible to make a fiber, rather than a copper connection between the two racks, if SASS has the necessary infrastructure and the distance is large.
- We tabled the discussion of potentially relocating the MCR to SLAC after the LAT is integrated on the spacecraft as an idea that's better pursued through the I&T operations folks ( Neil, Ric, Ken Fouts, etc.).
Actions:
- Gary will prepare a brief memo in advance of the local-loop telecon so everybody's on the same page. He'll try to include some estimate of installation, equipment, and recurring charges for the T3.
- Bryson will incorporate the updated pricing information into the system-description document.
- Bryson and Neil will present the system description and justification to Lowell Kleisner / Dick Horne next week to obtain the funding.
- Rodney / JP / Charley will consolidate the quotes for the various components in preparation for placing the orders.
...
- SASS I&T LAN Connectivity
- creation of DMZ b/w MCR and SASS firewalls
- firewall rule changes
- VLAN changes
- DMZ host machines(s)
- quantity & hot/cold spare operation
- rack space / power / cooling constraints
- network connectivity (switch ports)
- console connectivity (KVM ports)
- purchase lead-time
- Alternative bidirectional file-transfer possibilities
- creation of DMZ b/w MCR and SASS firewalls
Attendees:
Bryson Lee, Neil Johnson, Len Moss, Charles Granieri, Jean-Raymond Pierre, Gary Buhrmaster, Rodney Wong, John Canfield
Discussion:
- Current schedule for LAT arrival at SASS is mid-July; therefore we need to have the necessary equipment in place and tested NLT 15 June.
- We do not have enough hardware in-house to be able to pre-position and check out connectivity without robbing backup units from the MCR.
- We do not have enough power / cooling / rack space to install additional equipment in the MCR.
- Proposed solution is to purchase and configure additional equipment, then deliver it to SASS, do the checkouts, and leave it in place until the LAT arrives. Additional equipment includes:
- Nokia firewall + Checkpoint license + 48-port switch
- 2 Dell 1850 servers (DMZ hosts)
- T3 local-loop interface hardware (TBR)
- half-height enclosure for above
- "ITAR" workstations (already on order)
- Upon arrival of the LAT & MCR from NRL, John C. will unplug the firewall in the MCR from the switch, and plug in the pre-positioned firewall for immediate connectivity to SASS and SLAC.
Actions:
- Gary will convene a telecon among SLAC, CENIC, ASU, and SASS network engineers to refine the details of the ASU-SASS local-loop connection. Tentatively scheduled for 3/15, may move to early in the week of 3/18.
- Neil will determine the correct funding mechanism / procedure for the telco charges.
- Charley will begin preparations to purchase the firewall, license, and switch.
- Rodney will begin preparations to purchase the additional 1850's.
- Bryson will assemble a system description and operations concept to provide justification for the additional purchases and define the objectives of the pre-positioning test. Draft due 3/22.