CAT Chat Minutes

September 26, 2005

 

Information and Follow-up
Over the break, network and firewall failed.  APS IT was not aware until the following Monday, September 26, 2005. 

David Gore is discovering websites to which he would like to access are now being blocked.  David said that hardly any notice was given and would like IP to address CAT Chat.

P. Jemian reminded group that email was sent out before the new firewall was applied.  Email dated
September 9, 12, and 17 (pasted below) address changes to the email and firewall.  If you have not received proper notification, contact John Quintana’s office.

From url http://www2.aps.anl.gov/info/Computer_Info/2005/maillist.html#00092: 

--

Subject: APS Network Outage
From: Dave Leibfritz <leibfrtz@aps.anl.gov>
Date: Sat, 17 Sep 2005 12:54:42 -0500

At approximately 19:30 on Friday one node of the firewall cluster failed with two disk drives failing in the raid 5 controller. This is highly unlikely to occur and must have been the result of a power anomaly. The other node of the firewall cluster should have taken over all network traffic but stopped passing traffic even though it was still operational. At 10:50am this node was rebooted and started passing traffic again. The failed disk drives were then rebuilt and now both nodes of the cluster are now operational. We apologize for this network outage.

--

CAT Firewall Upgrade TONIGHT at 5pm
Subject: CAT Firewall Upgrade TONIGHT at 5pm
From: Dave Leibfritz <leibfrtz@aps.anl.gov>
Date: Mon, 12 Sep 2005 08:56:52 -0500

On Monday, September 12th, at 5pm the current CAT firewall will be
upgraded to the next generation Sidewinder G2 firewall. This is the same
firewall that APS has been using for almost a year. This is a MAJOR
upgrade and we should have most services running by 9:00pm. During this
period all network access to CAT and some XOR beamline subnets will
be unavailable including  Web, Email, and VPN access.

This new firewall will provide full redundancy, better performance and
enhanced security. Anti-virus, anti-spam, anti-spyware, and URL
filtering are built into the firewall. See http://www.securecomputing.com for additional information.

We expect problems with this upgrade.  All current CAT firewall rules had to be manually added to the G2 firewall and many had to be reengineered.  A month of effort was spent transitioning these rules over to the new firewall and, unfortunately, we have no way to test all these rules before they are placed into production.  This firewall is very complex and is the most comprehensive gateway security appliance in the world. Every effort will be made to insure this upgrade occurs as smoothly as possible.  Please enter a HelpDesk case for any problems with this upgrade or you can call the IT group phone number x9273 if the network problems continue after 9:00pm.

--

Subject: CAT Firewall Upgrade Monday September 12th 5pm
From: Dave Leibfritz <leibfrtz@aps.anl.gov>
Date: Fri, 09 Sep 2005 11:16:20 -0500

Web Filtering Upgrade Today at 1pm

  • Subject: Web Filtering Upgrade Today at 1pm
  • From: Dave Leibfritz <leibfrtz@aps.anl.gov>
  • Date: Wed, 07 Sep 2005 12:50:17 -0500

The URL Web filtering software, Smartfilter, will be upgraded today at 1pm. This upgrade includes numerous enhancements including spyware, phishing and Web Ad site blocking. Smartfilter is commercial software from Secure Computing that provides a control list of millions of URLs that are organized into over 70 categories. This control list is updated daily. These categories are then used to enforce the APS Computer Policy. If a web site is blocked that is required to get your work done please enter a ‘HelpDesk’ case so that it can be reviewed and most likely permitted.

--

User would like the current operations schedule on the web to show “actual” and not fiscal year.

J. Quintana said that this can be done. 

S. Strasser announced the survey for 2005 will be posted to the web soon.  This is another opportunity for users to ‘grade’ their priorities, submitting results for management review.

Machine Stats
Run 2006-01 - First day of user operations is October 4, 2005.

Safety
An evacuation drill has been rescheduled to Thursday, September 29th.  Following the drill, AES and monitors will meet in A1100.

B. Glagola presented numbers from FY05:  2,600 experiments (approximately 80/week); 2,000 + users; 9,580 visits to the APS.

Floor coordinator, Nena Moonier, is on maternity leave, returning in December.  Congratulations on the birth of the couple’s healthy baby girl.

E. Chang announced there will be October inspections of the APS facilities.  Contact B. Glagola, J. Alicz, and/or E Chang for rules on compressed gas.  Training for class 3-4 B lasers is being organized.

Announcements
Remember, the 0101 pager is assigned to a person 24 hours a day.  If you need to reach the facility, it is always available.

Pete Jemian was introduced as the new BCDA group leader, replacing John Maclean who has assumed responsibilities as ADD of the Information Site Services, AOD.