In order to fulfill the requierements of the TROPOS it is important to provide and maintain the IT equipment adequately. A workgroup called “IT” is responsible for maintaining, secure, enhance and extend the IT infrastructure. Centralized server and de-centralized clients serve as the base of IT. Furthermore researcher and employee are using technical devices that are connected to a high-performance Campus LAN and therefor can efficiently communicate with the servers and clients. A thoroughly designed security concept ensures the best possible stability, integrity and reliability of the LAN.
The TROPOS owns its own data center on the premise. Most of the centralized servers, the core elements of the LAN and telephone system are placed there. Furthermore, the border between the LAN and WAN and the accompanying security system are also placed there. Therefore these critical systems have to be secured in the best possible way. We are using a redundant UPS system to ensure a reliable power supply, even during an external power shortage. Also the refrigeration system has a redundant configuration. We are also using an extinguishing system combined with an early fire detection system. Every building occupied by the TROPOS houses active network components to connect the clients with the core network elements in the data center.
Currently 4 persons belong to the IT team. Formally, the IT team is part of the modeling department.
In order to acquire the right hardware, we need to take the network structure on one hand and the logical IT structure in general into consideration. In the following there are 5 topics where we will illustrate the importance of this.
- Client PCs / measurement PCs
Employees can choose between Desktop-PCs, Apple products and laptops. Depending on the hardware, the employee can choose between following Operation Systems: Windows 8, MacOS X Mountain Lion or a current Fedora Linux. Hardware as well as Software and OS requirements are discussed agreed upon in a work group called “EDV”.
- IT “Services”
IT services such as DNS, WWW, mailing system, EDUROAM and so on are hosted on a few servers. Most of these and more services are running on VMware virtualization clusters, which allow efficient use of hardware. Printing is realized through the help of a so-called printing server. We also have a printer for printing posters, e.g. for conferences. HPC Systems enables the use of CPU- intensive “models”, especially in the field of numerical model development. We use 3 different CPU types: POWER CPUs by IBM, where we have 5 servers, 4 Power5 (P5-570 and P5-575) servers and 1 Power7 server (P7-755). Furthermore, we are building an HPC Cluster, currently 5 intel based IBM x3850 X5 Servers. Additionally, we have various servers for development purposes, where changes at models can be tested without interrupting productive runs. We are also using one server with an AMD CPU. We take advantage of external offered CPU space like HPC Cluster in Jülich or TU Dresden.
- Internal networks
The TROPOS deploys 3 kinds of networks: a. We use 10 Gigabit Ethernet optic fiber connections from the buildings to the core element and partly to the servers. Clients are connected to 1 Gigabit Ethernet copper Cat6 cables. b. Clients can also access the internal networks via WLAN c. In order to efficiently, reliably and easy to expand the disk space provided for storing data, the TROPS uses a SAN based solution. Currently we are providing 180 TB of disk space altogether.
The TROPOS is part of the X-WIN, a network provided by the DFN association. We are part of a network cluster with the University of Leipzig hosting the core router. We ensure the availability of the WAN connection through two “triangles”. The first triangle connects the TROPOS, University of Leipzig and the Helmholz Centre for Environmental Research. Additionally we are connected to the DBFZ and them to the University of Leipzig to form a second triangle. We are only using one connection as our primary internet connection and a second connection as primary VoIP connection.
- IT security
The security concept of the TROPOS consists of several individual methods. A big part of it is our Firewall / IPS system between the WAN and the LAN. Furthermore we are using rich security features provided by the network equipment manufacturer we use. Moreover we are monitoring services and the network in general to detect anomalies and responding to them before an attack can happen or damage can be done. Finally we continuously instruct the TROPOS general staff to be aware of possible threats like scamming emails / websites, suspicious attachments of emails and so on.