Development of Computing Facilities
for the Computer Science Department
Over the next few years, we expect the computing facilities within the
department to evolve in a number of directions. This paper attempts
to predict some of the likely trends and present them for discussion.
It also identifies areas which may require significant new resources.
Some of the trends outlined in the following sections are mainly
concerned with changes in technology and the way in which the
infrastructure is provided. We do not expect these developments to
substantially change the user's view of the core services.
However, some of the developments could significantly affect the
facilities and support directly available to end users. The
following points probably represent the key issues:
- In the past, the department has concentrated largely on one
``standard'' system, but it seems likely that more diversity will be
inevitable in the future. This diversity may come from both additional
Unix platforms and single-user machines running completely
different operating systems, which may well lead to a less tightly
integrated system.
- Clearly, the high level of detailed support provided in the past for a
single system cannot be extended across a much wider range of
platforms. Many other organizations address this problem by devolving
much of the support work to end-users, but this can be very
inefficient and requires significant additional effort from the users
themselves.
- There is no defined policy and no mechanism for enforcing the
security of the current systems. This means that the practical level
of security is often considerably less than users might expect. We
believe that this is no longer acceptable for many applications, and a
clear policy needs to be developed which provides an appropriate
balance between ease of use, cost, and level of security.
- Development of new directions may require significant resources
and some mechanism is needed to identify existing areas from which
these resources can be transferred.
We anticipate an increasing proportion of single-user machines such as
Macintoshes and/or PCs. Initially, this will probably be mainly for
personal use and specialized teaching applications, but later, it may
also include student laboratories. This is largely because:
- Such systems often provide better facilities for the
administrative tasks, including document processing and mail, which are
the major applications for many users.
- The University administration and central facilities are moving
towards this type of machine, as are many other organizations, and
compatibility with these will be important.
- Portable machines are becoming increasingly popular as the
power and connectivity improve.
- The number of students and staff owning machines at home
is likely to increase and compatibility with these is also important.
- Single-user machines are more cost-effective for many applications.
Although the development environments on these machines are often more
attractive than the equivalent Unix environments, only PCs running NT
(or Linux) would currently be considered suitable for general student
programming until the other operating system(s) develop more robust
memory protection. However, we would not be happy to commit, at this
stage, to developing one platform (Macintosh or PC) at the
expense of the other, since both have distinct advantages and
disadvantages; at present, Macintoshes appear to be establishing
themselves in the department as portable and administrative machines,
while PCs are being used more for programming and student work.
Unix is well-suited to large-scale remote management and several
man years of effort within the department have been devoted to
producing a system which is very efficient to manage. Managing
single-user machines is extremely difficult and usually very
inefficient[1]. It is inconceivable that we could manage
significant numbers of single-user machines with the existing man-power
unless new mechanisms are developed to improve efficiency in a similar
way to the existing systems.
Many organizations provide very little co-ordinated management of
single-user machines leaving responsibility with the end-user. However,
this tends to be extremely inefficient and an appropriate balance
needs to be found between user- and central responsibility.
Some effort will also be required to integrate these machines into
the infrastructure and to develop appropriate ways of working; for
example, user files held on a local personal machine will no longer
be available to other network users.
Although single-user machines might be appropriate for an increasing
number of users, there will still be a heavy demand for
workstation-class machines. These will be necessary for users with
heavy computing requirements or specialist applications, such as
graphics. In many cases, Suns will be perfectly suitable, but they
will not be the ideal machines for all applications and we would like
to be able to provide a wider range of Unix workstations for
specialist needs. This might lead to smaller numbers of more highly
configured machines, and it is not clear whether it will be
appropriate to site these machines in individual offices (for example,
the existing Silicon Graphics machine).
A number of the configuration and support problems associated with single-user
machines are also relevant to diverse Unix platforms and it is likely
that these could only be supported by devolving some support functions
in a similar way.
X terminals have provided cost effective desktop facilities in the
past, but we expect their numbers to reduce in the future. There are
a number of reasons for this, including:
- Workstations (or single-user machines) are more flexible
and likely to adapt to new requirements (for example, multi-media and
video-conferencing).
- Some security problems are impossible to solve adequately with
X terminals.
- The unpredictable loading of the network and servers is not
always acceptable.
It is possible that X terminals could be used to provide supplementary
public facilities for news and mail processing freeing more powerful
machines for general computing.
Previously, the facilities offered by the central Computing Services
have been rather different from those required locally within the
department. However, they are now very similar and it should be
possible to take more advantage of this. More student access from
central laboratories (of single-user machines or workstations), and more
use of central compute power are two possibilities.
The current departmental infrastructure provides common facilities
such as Mail, News and Internet services based on distributed Sun
servers. We believe that Unix-based Suns will continue to be the best
platform for this type of application and we do not envisage any major
changes in the way in which the present services are implemented; Sun
Solaris is comparatively easy to manage, and it is frequently the
first platform to which new software is ported.
However, some infrastructure services will need to adapt to the
requirements of more single-user machines; for example, remote backups,
mail, and file sharing. There is also a possibility that requirements
may appear for completely new applications which will have a
significant effect on the way in which the infrastructure is provided.
For example, development of video-conferencing would have significant
implications for the technology and topology of our networks.
Some of the services which we offer at a department level are also
becoming sufficiently commonplace that we might want to consider
transferring the responsibility to the Computing Services. This would
reduce the load on our equipment and support staff. Initially, News
is the most likely candidate, but mail and other services could also
be considered in the future.
We anticipate an increase in the amount of remote access to
departmental computing facilities. This will come from portables and
home machines, as well as increased student use of central computing
laboratories. This implies a change in the balance
between servers and workstations as well as possible improvements to the
network facilities. It may also involve investigation of new
technologies such as ISDN and cable networks.
Remote access also has significant security implications and
remote users may not be able to expect the same access rights, or even
operating procedures, as local users.
Previously, much of the software used within the department has been
built from source code and adapted as necessary to fit the local
requirements. In many (but not all) cases, it is now possible to move
towards more standard software which would be more compatible with
other sites and require less maintenance. However, especially with
single-user machines, there is a trend away from supplying source code
and towards binary-only distributions. This means that the software
might not be so well integrated as the current systems and additional
work may be generated in some cases to overcome these problems.
Software costs and management of software licensing will also need
much more attention than in the past.
An ``acceptable'' level of security represents a trade-off between
convenience, cost and level of security. It is impossible to
implement a security solution without a clear statement of policy
which defines the relative importance of these factors (in
practice, different levels of security might be appropriate for
different areas of departmental activity).
At present, the department has no security policy and, as a
consequence, users cannot be sure what level of security is actually
being provided for their data. A clear policy is required, together
with some mechanism for enforcing that policy, particularly where this
depends on manual procedures, or management of systems that has been
delegated to end users.
Current security arrangements are appropriate for the original
departmental network used for academic purposes and connected to a
comparatively small number of similar systems. This is unlikely to
remain acceptable in the future for a large, highly distributed system
which is central to the running of the department.
Implementation of a security solution across distributed heterogeneous
networks is extremely difficult and is not adequately addressed by
system vendors[2]. However, a complete solution must cover both
technical issues and associated manual procedures. Some possible
examples include:
- ``Firewalls'' between groups of machines to provide clusters of
machines which are more secure than other machines.
- Provision of data encryption software (for example, PGP).
- Privacy enhanced mail.
- Documentation and training in security issues.
- Authentication schemes such as Kerberos.
- Manual procedures for handling paper records.
- One-time passwords.
- Smart cards.
Footnotes
[1] The paper http://www.dcs.ed.ac.uk/home/paul/Internal/Mac_Support.dvi describes
some of the problems involved in the management of significant numbers
of Macintosh machines.
[2] The papers http://www.dcs.ed.ac.uk/home/paul/Internal/Mac_Security.dvi and
/home/gdmr/Progress/docs/sys-security.dvi describe some of the
issues in more detail.
By Paul Anderson <paul@dcs.ed.ac.uk>, George Ross <gdmr@dcs.ed.ac.uk>,
Alastair Scobie <ajs@dcs.ed.ac.uk>
Department of Computer Science, University of Edinburgh, 31st January 1996