World Wide Web at SLAC
June 1999 Review of the Strategic Plan on Computing,
Section 18
Ruth McDunn and Dennis Wisinski
for Butler Committee Presentation (PowerPoint Format)
The Web at SLAC
- SLAC is recognized as the first web server in the US
- Advantages and disadvantages to being early in the game
- established procedures, some good and some bad (and habits that are hard to break or
retrofit)
- continual upgrading needed to keep up with technology, can't start from scratch
Vision
Strategic Plan for Computing, Section 18 - World Wide Web at SLAC http://www.slac.stanford.edu/grp/do/adcoc/stratplan97/sec18.htm
To provide a simple, ubiquitous, and efficient communication system that will enable
SLAC's internal and external community to share information and perform collaborative
scientific and technical work without constraints imposed by locations, hardware or
software platforms, or unwarranted administrative obstacles.
Provide highly available access to information.
STRATEGY
- Provide central www servers for use by the SLAC community.
- The web has evolved from "novel" to "convenient" to
"crucial".
- SLAC web infrastructure was designed for easy access during development; the security
issues came much later in the evolution.
- Reliability is now an issue, especially for the PeopleSoft system, Library (SPIRES HEP
database), and the BaBar collaboration.
- The Applications Group
- Install, operate, maintain, and coordinate central web servers, services, and security.
- Support user community via education, application development and direction.
- Currently offer five production servers
- Unix (Netscape), NT (IIS4, 5 virtual servers on two physical machines)
- Evaluating Apache server on Unix
- Working on moving www-bis to its own physical machine, remaining virtual servers to
move to Aegis, current NT machine (Athena) will be turned into a test server.
- Provide backup and restoration services for data.
- Nightly incremental backups
- Evaluate providing redundant access to information, and provide it where cost-effective.
- Evaluate Cisco Local Director for providing fault-tolerance, mirroring, and load sharing
for UNIX Web server. Find equivalent solution for NT servers.
- Provide uninterruptible power sources for the critical servers.
- Central web servers (UNIX and NT) are now on UPS.
- Monitor the availability and responsiveness of the central server and raise alerts for
exceptions.
- Home page is checked every 15 minutes as part of the network monitoring
- Access failure initiates page to Bebo White (San Francisco), Joan Winters (Half Moon
Bay), and Dennis Wisinski (La Honda -- can't receive pages).
- Daily "heartbeats" of web servers at noon from monitoring software to prove it
is running correctly
- Long term monitoring logs show very high availability. Problems usually involve the
search indexer, script problems, aggressive policing, file system problems (AFS), and
network traffic
- Plan to develop scripts to monitor and possibly restart critical services.
- Identify the requirements for availability and, as resources allow, provide on-call
response to critical alerts.
- Best effort (only one expert for UNIX web and one for NT web)
- Short on staff
Provide high quality and accurate information.
STRATEGY
- Provide documented/supported www utilities (cgi-scripts) for www authors.
- Using SLAC Web Utilities in HTML Pages
- FrontPage at SLAC
- Web Policy and Resources
- Choose a limited set of www browsers for each platform and publicize the choices.
Identify the support level needed (installation, documentation, updating, and consulting)
and the resources to provide this level of support for each chosen browser.
- Standard NT Software
- Supported MAC Software
- Unix - not documented online
- Evaluate new www authoring tools, utilities, and techniques for creating/formatting
information. Identify the most appropriate tools for SLAC, together with the resources to
support them. Publicize and make the tools available.
- Web Policy and Resources
- News from the Web Information Manager
- Provide tools to help identify bad links.
- WebAnalyzer Professional (NT)
- Explore the acquisition of a powerful, flexible database interface.
- Visual InterDev for developing web interfaces to Oracle tables
- PeopleSoft/BIS data warehouse: BIS is in the process of defining requirements for the
design of a data warehouse which will combine PeopleSoft data with SLAC data, and serve as
a convenient interface for both the Web and client-server decision support.
- Advocate a www interface to PeopleSoft, including the ability to modify/create records.
- Since Business Information Systems (http://www-bis.slac.stanford.edu,
BIS) went into production in November 1997, SLAC has had a web interface to much of the
financial data in PeopleSoft. SLAC personnel can view data via the web about
Requisitions, Purchase Orders, Property, Stores Catalog, monthly expenses, and the
Employee Directory. Currently there is an online Time Entry project underway that will
receive information centered on the web and transfer it to PeopleSoft. It is expected to
go into production in the final quarter of FY1999. A future web interface will include
employees' ability to update directory information about themselves.
- Evaluate new tools for managing www site information, where appropriate, and as
resources allow, choose, publicize, and support the most cost-effective tools.
- Web Information Manager
- Year 1 Status Report
- Evaluating FrontPage and ASP for Unix and PERL cgi-bin for NT.
- Looking for a log analysis tool that can handle the Unix log files (10 - 40 MB/day).
- Plan to convert all servers to consistent log formats, for easier analysis on all the
servers.
Provide easy-to-use access to information.
STRATEGY
- Provide well-designed information architecture (for example, link structure) to enable
users to discover what they are looking for.
- Report of the AdHoc Committee to Revise the Highlighted and Detailed Home Pages
- Implementation by Web Information Manager, appointed 4/1/98
- Show-Index cgi-script
- Provide a documented architecture for URL and file naming for www page storage/access.
- WWW URL and File Naming Scheme
- So You Want (Need) to be a Web Author
- Provide a supported and documented search engine for the SLAC www to help with
information discovery. Provide access to this search engine in the SLAC top-level pages.
- SLAC index for Infoseek search tool started Fall 1998.
- Search the SLAC Web
- Infoseek Server Help
- Evaluate and support the appropriate helper applications and plug-ins.
- Web Technical Committee, Web Information Manager, The Applications Group, and the Web
Support Coordinators are all involved in keeping up on current technologies and making
recommendations, as appropriate
- Supported NT Software
- Supported Mac Software
- Unix??
Draw in www support and expertise from across the Lab.
STRATEGY
- Encourage Lab-wide cooperation for Web support across divisions and groups by fostering
a committee structure to enable this collaboration. This committee structure will address
policy, technical, and user coordination issues.
Current Staffing:
- Web Information Manager (.5 FTE)
- Infrastructure in TAG (2.3 FTE)
- Unix Web Admin (1 FTE)
- NT Web Admin (1 FTE)
- Direction, policy, programming (admin), security (.3 FTE)
- Content in TAG (1 FTE)
- Documentation/computing web maintenance
(1 FTE, vacant)
- Web management at SLAC
Web Management at SLAC
The departments marked in yellow are represented in the committees listed above. Out of
the 102 folks on the list, there are actually 71 people (some are on multiple
committees/lists). Need to make sure all departments who have a web presence have an
assigned WSC.
Distributed Web Support at SLAC
Departments highlighted in yellow have representatives on one of the above referenced
committees.
- Encourage and help users throughout the Lab to help evaluate and exploit new
technologies and report on their findings.
Provide appropriately secure access to information.
STRATEGY
- Provide a well-managed central www server with appropriate security.
- Security plans are driven by the PeopleSoft project, which needs encrypted transport of
passwords and data.
- Implementation by TAG (The Applications Group)
- Unix Netscape client installed with Java and JavaScript disabled by default
- Eliminated FTP access to NT servers
- Block all Port 80 web servers except those that are registered and approved
- Apply server fixes as directed by the Security Officer
- Would like to develop scripts to check for insecure directories.
- Provide careful administration of the servers' configurations.
- Configuration limited to a small number of administrators working closely with the
Computer Security Officer
- Provide a test www server.
- Probably later this summer (hopefully both Unix and NT test servers will be moved to
separate physical machines)
- Provide SLAC-only access for appropriate pages.
- SLACONLY access on Unix Servers
- SSL on NT servers to prevent clear-text password transmission
- Provide procedures for cgi scripts that will help reduce the
security risks. These procedures should include a wrapper, limiting access in early test
phases, some qualification of the scripts concerning their security exposures, and
appropriate access control for the script sources.
- SLAC's CGI Script Security Wrapper, developed by Les Cottrell and John Halperin
- Screened scripts written by tutored authors are added to the wrapper by Bebo White,
Dennis Wisinski, or Les Cottrell
- Provide guidelines and documentation on security issues.
- Computer security
- Security on the web
- Diligently follow the news groups on security and make recommendations.
- Bob Cowles, SLAC Computer Security Officer
- Define the requirements for future public www server(s) at SLAC.
- Energetically investigate new servers and browsers that provide easier administration,
finer granularity, and more flexible security features so we can more effectively define
and administer the SLAC Web security parameters.
- Testing Apache server on Unix for subdirectory specific SSL (not possible using Netscape
web server)
mcdunn
12 Apr 2001