Infrastructure

 

Accounts

We use LDAP for our user administration, meaning that you can log into all systems (list of work space computers) and always have the same home directory located on the central file server, using the account provided by the administrator. You should change your initial password as soon as possible using the password command.

Account names are manually allocated and are kept the same across other user administration accounts as much as possible. This simplifies the unification of user administration throughout the physics department or even RWTH-wide. The establishment of the mail account, which takes the following format account@physik.rwth-aachen.de, is coupled with the establishment of an identically-named account in the physics computer lab. This allows you access to the computer lab resources. You should also change your initial password there. You can do so in the portal.physik-rwth-aachen.de using the password command.

You can find information about using, setting up, and configuring a mail account in the FAQs.

Paths

The home directories are located almost exclusively on the central file server lxtsfs1 and follow the syntax

/net/home/lxtsfs1/tp[abcde]/<account>

They can be found the same way using this pathway. The home directories are secured daily.

There is a quota system that restricts the available space to a so-called soft limit of eight to twelve gigabytes per user. This means, that one can temporarily, for a maximum of six days, exceed this soft limit by two to four gigabytes. Every six hours a check is conducted to see if a user has exceeded the soft limit. if so, he or she will be notified by email.

Each desktop system has a scratch area available that isn't used by the operating system. It's under

/scratch/work sowie /scratch/temp

Anyone can locally save files here, but they will not be saved in the backup!

These files can be accessed from other systems via a unified path name. For example, if files were saved on

lxtx104 in /scratch/work/<account>, they would be available on all systems under

/net/work/lxtx104/<account>.

Computers

The institute's desktop computers are operated as up to date as possible under an openSUSE Linux distribution. The current version is 12.3. In an effort is made to identically install the systems, so that users find the same environment on all the computers. All systems are generically 64Bit. This means that most programs are 64Bit and the compilers generate a 64Bit code. 32Bit compatibility is possible in the sense that many dynamic libraries are installed that are needed to carry out (existing) 32Bit programs.

Programs and libraries not contained within the distribution, are globally installed under /usr/local -a directory on the central file server.

Services like Fileserver, Printserver, DHCP-Server, Subersion-Server, local Apache-Webserver etc. are made available on dedicated server systems, that are no longer placed in installation shafts, but rather in a special server room.

A list of desktop systems is automatically updated.

Network

In theory, there are two class C subnets available, 134.61.10.x and 134.61.11.x . Servers, printers, and laptops can be found in the first one, while the desktop systems are in the second one.

External Access

The Theory of Physics network is protected by a firewall, preventing direct access from the outside. There are two access computers lxtsac1.physik.rwth-aachen.de and lxtsac2.physik.rwth-aachen.de, which can be accessed via ssh in selected networks. If such access is required, please contact the administrator, so that access can be granted as soon as possible. In the meantime, a series of networks from universities, institutes, and research institutions have been activated, as well as dial-up access from respective internet providers.

Via ssh-tunneling you may login on your desktop PC. A short instruction is shown when loggin in on the access computers
The x2go software allows to start a compelte graphical environment on a desktop PC in our network from remote. It is based on the ssh protocoll.

WiFi

For security purposes the physics department does not operate its own wifi network. The access points in the Physics Center are integrated into the University's wifi system.

There are two ways to gain access:

1. Through the open, unencrypted MoPS network. Anyone can connect using this network. However he or she is also restricted to this network without taking any further steps. In order to exit this network, one needs either a temporary account, which one can activate using one's own computer, or via VPN access, using the CISCO VPN Client for RWTH. This process is becoming less supported and is being replaced by eduroam.

2. The University is connected to eduroam, a worldwide wifi roaming network. The IT Center offers instructions on how to use this network.

Laptops/DHCP-Server

Institute laptops and employee and guest laptops are assigned an IP address via DHCP. However, this address is linked to the so-called MAC address of the computer, so that it isn't possible for just anyone to join our network. Administrators should be notified of this MAC address, so that the system can be entered into the DHCP server.

Web traffic from the IP area, in which the laptops are also located, have been directed over a so-called proxy service and thus filtered for viruses and other damaging software since the end of 2009. Connections to pages that are known to be unsecure are blocked.

Services

Subversion

A subversion server of version 1.7 is available on the system lxtssvn.physik.rwth-aachen.de (alias for lxtssp1.physik.rwth-aachen.de).

Brief Introduction

The revision control system subversion makes it possible to administer projects, for example programs, drafts, publications, Diplom and doctoral theses, in such a way, that earlier conditions can be restored at any time and multiple people can simultaneously work on the same project. The Subversion Book provides a detailed description. Just some brief information about the principal function is offered here.

Subversion manages projects in so-called repositories. You can locally create them yourself using the admin-tool svnadmin or have them created on the lxtssp1 server, established as a subversion server. The first version has the disadvantage that multiple people can only work on a project if you make the repository readable. Creating repositories on directories mounted with NFS is not recommended.

The second option is thus preferred. However, an administrator must set up and configure the repository.

A test repository was set up on lxtssp1, which one can secretely access as a user with a password. With
'svn list svn://lxtssp1/test --username test',

a password is entered and content or rather than projects/directories of the repositories can be listed. The subversion tools "remember" the access data in a sub-directory ~/.subversion, so that the username and password do not have to be entered again when accessing the same repository again. Using
svn import project folder svn://lxtssp1/test/projekt -m "Kommentar"

a new project is added to the repository, wherebyproject folder is the local directory for the project. This will be mostly empty for a new project. A standard structure is recommended, which makes it easier to take branches of development into consideration at later points in time.

It is important that nothing else is worked on in the local directory project-folder, because a so-called working copy must first be created from the repository. Subversion can only save all the information in a sub-directory svn here, which it needs for version control. This working copy is generated by a checkout: svn checkout svn://lxtssp1/test/projekt

In order to run changes in the repository, a svn commit in the directory of the working copy is generally sufficient. Recently added files must first be delivered by subversion with 'svn add dateiname' to the control, while deleted files are correspondingly revoked from the version control with 'svn del dateiname.'