UNIX ADMINISTRATORS MEETING
March 7, 2006

The second meeting of Unix Administrators the Spring semester brought out over 40 members. Stan Kolasa of Camden Computing Services led the meeting. The following is a summary of the meeting:

Curtis Saal of Camden Computing Services talked about how Camden is set up for spam filtering. In the past 3 years, they have seen a 2100% increase in the amount of mail they are processing. To support their mail services, Camden uses Postfix, Amavis, Spam Assasin, Razor, Pyzor and DCC. In Camden, spam filtering is turned on by default for all students (although they can "opt-out" via a web page). Current faculty-staff do not have spam filtering turned on by default, they must opt-in. About 50% of them do opt-in already. In the summer, Camden plans to make spam filtering the default for all NEW faculty/staff accounts (newly created accounts).

In the event that mail is forwarded to another email address, messages tagged as spam are not forwarded unless the student chooses to have them forwarded. Faculty spam-tagged messages are forwarded by default but can be retained in their spam folders if desired. Spam messages are held for 30 days before being deleted from user spam folders. If there are any questions on how Camden Computing Services handles spam filtering, please contact them via help@camden.rutgers.edu.

There was some interest in having a local DCC server run at Rutgers. Tom Grzelak said he would look into seeing if any unit would be interested in doing so.

Craig Hynes of Camden Computing Services led a discussion on load balancing. Camden has been working with IP Virtual Server (IPVS) to do Layer-4 switching and load balancing. IPVS comes built in with linux, thus its free and fast, running at the kernel level. They run IPVS on Debian. IPVS can be set up in 2 ways - using NATing and Direct Routing. NATing is the easiest to set up however it has the potential to overload the lead machine. Direct Routing permits a back-end machine to commuicate directly with client. Direct Routing is much harder to configure (there are numeorus arp issues that Craig spends time trying to resolve.) Keepalives are complex and failover is a noted problem as well. If you have any questions on how Camden Computing Services implements IPVS and load balancing, please contact help@camden.rutgers.edu

Tom Grzelak of OIRT is looking at Zeus as its load balancing package for the Sakai service. It advantage is price, runs on commodity hardware and runs on Solaris (which is the OS that they are standardizing on for Sakai's operation.) Tom said it is difficult to identify a clear metric that justifies the cost of a hardware solution like Foundry versus a software solution like Zeus or IPVS.

Roy Marantz of NBCS suggested that the hardware solutions tend to have more features and can handle many more simultaneous connection attempts. They tend to better support consolidation of multiple services behind one (set of) box(es). When considered as part of the total networking infrastructure they may actually be less expensive. NBCS always considered the question, "What would take out the system?" For example, if NetApp communication dies, what happens, how will your system react? When asked about using the old method of Round Robin DNS for load balancing, Roy felt RR DNS did not handle failure well and did not perform the greatest (i.e., slow.)

There was a brief discussion use of LDAP and RADIUS for authentication. Rick Anderson of DCEO is interested in using a single sign-on and/or the Central Authentication System (CAS) for application specific issues. There were various discussion topics that followed on what LDAP is being used for, what should it be used for, how does this impact RADIUS, how does one determine authorization in this larger context, etc. It was clear from these topics that the issues are difficult and should be the part of more detailed and specific discussion.

Tom Grzelak of OIRT presented a couple of announcements relative to events this spring.

• A survey was conducted last December of the 50 faculty involved in the Sakai pilot. 90% of the faculty used Sakai as a CMS, 20% used it as a research support tool and 10% used it for admin purposes (some users used Sakai in multiple areas!) Tools they liked included basic announcements, chat, environment, resource repository, syllabus tools and web content. Tools that needed significant work were the discussion tool (not JForum) and gradebook. Other improvements needed were better editor tools and user interface. 60% of the faculty would definitely recommend Sakai to other faculty, 25% would probably recommend it and 15% would not.
• UCS/UCM/Sysadmin training in Sakai will be conducted on. Click HERE to sign up for March 15 and HERE to sign up for March 31.
• A vendor fair will be conducted on Wednesday, March 8 from 10AM until 3PM in the Busch Campus Center Multi-Purpose Room. Over 20 vendors will be there with many IT solutions. Breakout sessions with the vendors will be conducted throughout the day.
• A cyberinfrastructure/Internet2 symposium entitled "Information Technology for Research: The Impact of National Directions in Cyberinfrastructure" will be conducted on Tuesday, April 4th from 9AM-4PM on the New Brunswick, Newark and Camden campuses. This is an important event to IT staff that support research computing as it will highlight the IT expectations and pressures associated with a cyberinfrastructure environment. The agenda for the event is posted HERE and you can register for the event HERE.

The next meeting is scheduled for Tuesday, June 6th at 1:30PM in Center Hall at the Busch Campus Center.