NLIT08 National Labs Information Summit 2008

11 May 2008, 09:30 → 14 May 2008, 14:00 US/Central

Hyatt Regency Chicago

Grisleda Lopez (FNAL/CD), Jack Schmidt (FNAL), Mark Kaletka (CD/CSS Department Head)

National Labs Information Technology Summit

Sunday, 11 May

Early Registration

Welcome Reception and Poster Sessions Hosted by HP

Relax and unwind with excellent food and drink provided by HP while you mingle with peers.

1 Authentication in the LHC Remote Operations Center

Fermilab has made major contributions to the new Large Hadron Collider nearing completion at CERN in Geneva, Switzerland, including superconducting magnets, the Compact Muon Solenoid detector, and the networking and computing infrastructure to collect and analyze the avalanche of data to be produced by the collider. And in a departure from the ordinary limitations of proximity to the detector, the Remote Operations Center at Fermilab will extend monitoring and control access to US-based scientists. Because the ROC is highly visible, we desire to make logins to the operations accounts and shift handoffs as smooth as possible, while maintaining compliance with the lab’s security policies. The use of extensions to the pam_krb5 module written by Russ Allbery of Stanford, together with features in newer versions of Jamie Zawinski’s xscreensaver program, has made this straightforward.

Speaker: Wayne Baisley (FNAL)

2 Experiences Implementing Aperture VIEW

Experiences with implementing Aperture VIEW for the Fermilab Computing Division are described with an emphasis on those features which foster organization collaboration. Future plans to implement the companion product Aperture VISTA (which manages Computer Rooms and Data Centers) are discussed.

Speaker: Dr David Ritchie (FNAL)

3 HPC Configuration Management Challenges

Large-scale high performance computing (HPC) systems pose special problems to system administrators, particularly with respect to configuration management. These systems function at a scale larger than typical environments, run with synchronized workloads, and must be treated in a hands-off manner when jobs are running. Coupled with the need to keep compute systems as uniform as possible, these problems can put considerable stress on infrastructure and administrators alike. At the same time, HPC systems are perfect candidates for complete configuration management, generally exhibiting high levels of uniformity and administrator control. With a strong configuration management tool, keeping compute nodes identical, login nodes clean, and management nodes secure all become much more manageable. This can all be done while helping administrators both document and understand their environments better than with ad-hoc systems. In this talk, we will give an overview of the challenges we face in managing the 500TF Blue Gene/P system at Argonne National Laboratory's Leadership Computing Facility and its infrastructure. In particular, we will focus on the configuration tradeoffs that we face in this environment and the level of automation we have achieved by using Bcfg2, an open-source configuration management tool that we have developed in Python at Argonne.

Speaker: Cory Lueninghoener (Argonne National Lab)

4 Molding Need into Vision

Over time, Sandia National Laboratories (SNL) has implemented a variety of applications and services to handle various aspects of information management. These appear in both domain-specific and enterprise-wide arenas and include capabilities ranging from basic document management to taxonomic support to long-term archiving. It became apparent that consolidation and integration could provide a more focused, cost-effective, and friendly environment for users and the Corporation to create, access, and manage information. The resulting Enterprise Information Management Services (EIMS) project was launched. But launching and defining are, as it turns out, two different things. This poster explores the evolving definition of the EIMS vision within SNL. Complexities include management expectations, the functions provided by existing information management tools, and the sheer magnitude of defining priorities and capabilities. It is particularly difficult to create and manage a vision of integration that moved users beyond status quo tools--to control and channel imagination into realistic expectations in order to achieve cultural change and transformation.

Speaker: Lisa Wishard (SNL)

5 Partnering with the FEC by Greening Computers One Byte at a Time at NREL

The Federal Electronics Challenge (FEC) is a partnership program that encourages federal facilities and agencies to purchase greener electronic products, reduce impacts of electronic products during use, and manage obsolete electronics in an environmentally friendly way. The Office of the Federal Environmental Executive and the U.S. Environmental Protection Agency will award the National Renewable Energy Laboratory the Silver-Level Award for the Federal Electronic Challenge (FEC) in June 2008. Gain insight to NREL's electronic stewardship actions undertaken in adopting energy friendly practices and the requirements to qualify for a Gold, Silver, or Bronze FEC Award.

Speaker: Connie Overly (NREL)

Monday, 12 May

Registration

07:30 Breakfast Provided by Gold Sponsors

Opening and Welcome Remarks

6 Opening and Welcome Remarks

Speakers: Dr Mark Kaletka (FNAL), Vicky White (FNAL)

The Open Science Grid: Collaborative Science on a High-Throughput Distributed Facility

7 The Open Science Grid: Collaborative Science on a High-Throughput Distributed Facility

The Open Science Grid Consortium's mission is to provide an open, collaborative eco-system in support of scientific research in the US. The Consortium provides a shared distributed high throughput computational facility serving a broad range of Virtual Organizations, supported by a common set of software technologies. The OSG project is funded jointly by the DOE SciDAC-2 program and the NSF to provide activities in support of the OSG Consortium’s mission, and especially to contribute as the US distributed infrastructure used by the ATLAS and CMS LHC experiments. The talk will explore key aspects of the OSG. Ruth Pordes is the Executive Director of the Open Science Grid(OSG), an Associate Head of the Fermilab Computing Division, and the US CMS Grid Services Coordinator. As the OSG Executive Director she is responsible for the program of work of the project as well as working with the external partners and sponsors. Prior to her responsibilities in OSG, Ruth was the coordinator the Particle Physics Data Grid DOE SciDAC-1 project, a member of the management team of the International Virtual Data Grid Laboratory Project and Fermilab Run II Joint Offline Computing projects. Previous contributions were the Sloan Digital Sky Survey and as a member of the KTeV high energy physics experiment. Ruth Pordes has an MA in Physics from Oxford University in England.

Speaker: Ruth Pordes (Fermi National Accelerator Laboratory)

document 118.pdf

Slides 118.ppt

Monday Site Reports

8 FNAL Site Report

Speaker: Dr Mark Kaletka (FNAL)

Slides 93.ppt

9 ANL Site Report

Speaker: Charlie Catlett (ANL)

Slides 111.pdf

10 INL Site Report

Speaker: Carl Fennen (INL)

11 LANL Site Report

Speaker: Tom Harper (LANL)

Slides 120.ppt

10:30 Break with Refreshments/Sponsor Exhibits

Monday Breakout 1

11:40 session change

12 InDiCo - An Opensource Meeting/Workshop Conference Tool

InDiCo (Integrated Digital Conference) is a web application developed at CERN (and supported at FNAL and CERN) for scheduling events. The software allows a user to schedule events, from simple talks to complex conferences with many sessions and contributions. The software provides many user delegation features. It also provides mechanisms for reviewing papers, conference material archival and much more.

Speaker: Ms Marcia Teckenbrock (FNAL)

Slides 11.ppt

12:25 Lunch Provided by Gold Sponsors

13 Exchange 2007 Pilot at LANL

IST & CTN divisions have collaborated to implement an Exchange 2007 Pilot at LANL. I will discuss the technical architecture, testing methodology and deployment strategy/considerations of this solution. The next phase of this pilot involves the implementation of a Blackberry Enterprise Server architecture. Come learn how LANL implemented this technology and the lessons we learned along the way.

Speaker: Anil Karmel (LANL)

Slides 66.ppt

14:10 session change

14 Fighting Spam: Tools, Tips, and Techniques

As spam has evolved, simple regular expressions to look for "spammy" content in email messages are no longer sufficient. Systems administrators now require much more sophisticated techniques to combat the ever-increasing flood. This talk is not a tutorial for implementing a single anti-spam solution, but will cover a broad spectrum of anti-spam technologies at all layers of an SMTP session. Topics include: IP level anti-spam techniques such as blacklists and reputation filters, envelope-level techniques such as greylists and tarpitting, and content-level techniques such as Bayesian filters, SURBLs, and distributed signature filtering. Tools such as Postfix, AMaViS, and SpamAssassin that can be used to tie these techniques together will be discussed, as well as a few other techniques including backscatter avoidance and MX funneling. I will also discuss issues unique to the National Laboratories, and Argonne's successful deployment of IronPort Anti-Spam Appliances.

Speaker: Brian Sebby (Argonne National Laboratory)

document 45.pdf

Slides 45.ppt

14:55 Break with Refreshments/ Sponsor Exhibits

15 Configuration Management with Bcfg2

In modern environments, system administrators must increasingly work with complex and critical systems. Robust configuration management techniques and the improved understanding of configuration that it entails both dramatically improve the productivity of system administrators and robustness of systems. We begin this talk with a configuration management primer. We also provide an architectural overview of Bcfg2, an open-source configuration management tool developed at ANL. Bcfg2 provides a number of unique features enabling groups to bring complexity under control, retain institutional knowledge, and efficiently scale manpower to large numbers of managed systems and configuration diversity. This talk provides a detailed description of the capabilities of Bcfg2, the manner in which groups worldwide have deployed it, and their deployment results. It also provides advice for groups seeking to improve their configuration management processes.

Speaker: Narayan Desai (ANL)

Slides 58.ppt

16:10 session change

16 Staying Ahead of the Cro-Magnons: Managing High-Performance Computing Resources

Sandia National Laboratories (SNL) has developed and implemented the use of a database-backed web application to capture, track, and prioritize estimates of future system usage for all of its supercomputers, compute clusters, and visualization systems. It is called HERT (meaning HPC Estimations & Requirements Tool) and was built to facilitate the achievement of the best possible fair-share policies and load-balancing for the users, the highest utilization numbers for the system administrators, and to ease the prioritization of jobs for upper level management. It allows users to specify urgency and importance of the work they need to perform on the systems, it organizes and reports this data in many forms, is regularly utilized by high-level managers to ensure the appropriate classification of work to-be-done, and most importantly, it is currently integrated with system queues and will be directly tied to job schedulers for immediate implementation of the action and direction given by these upper level managers.

Speaker: Heather Robideau (SNL)

Slides 100.pdf

Monday Breakout 2

17 Linux Academy

In the past several years, the need for UNIX System Administrators at Los Alamos National Laboratory (LANL) has significantly increased. There have been several causes for this including but not limited to: 1) Various flavors of Linux have become very popular with LANL scientists and they have moved from Windows and Macintosh platforms to Linux. 2) With the significant advances in several Linux distributions, many users no longer require Windows or Macintosh to perform their job and have chosen to move to a more scientific OS. 3) In October 2007, LANL moved to a new funding model for Desktop Support that meant that most basic support comes from the Computer, Telecommunications and Networking (CTN) Division. 1. Since CTN had been unable to hire anybody for over a year, we have been hiring technicians from other organizations at LANL. 2. Now that CTN is expected to provide support for these organizations, we must come up with new ways to fill in remaining holes. 4) Several very good Linux system administrators have left LANL over the last few years due to retirement and/or uncertainty about the future of LANL. Linux Academy is CTN's method of developing the next generation of Linux System Administrators at LANL.

Speaker: Brian Sedlacek (LANL/CTN-1)

Slides 29.ppt

11:40 session change

18 Expressway Red Hat Installation

* Institutional install of Red Hat Linux 3,4,5 from one CD * Static IP or DHCP environment * Uses syslinux's comboot32 API to gather information from user * Modifying initial ramdisk (initrd) to change anaconda innards * %post and %pre in kickstart (LANL's configuration) * "Set it and forget it" install by 1) creating kickstart 2) editing kickstart 3) editing hardening configuration 4) insert CD and boot 5) enter information about the host 6) installation does the rest... completely updated after install is finished!

Speaker: Jimmy Devenport (LANL)

document customkickstart.py.instructions.rtf

Slides 39.ppt

text

• checkver.py.txt
• getnet.c.txt
• incomplete-rhusreg.pl.txt
• LA-UR.txt
• setrootpw.txt

Video nlit-ewrh.avi

12:25 Lunch Provided by Gold Sponsors

19 Scientific Linux

What is Scientific Linux? When should you use it? When should you not use it? How can it fit into your Enterprise Linux strategy?

Speaker: Troy Dawson (FNAL)

Slides 42.pdf 42.ppt

14:10 session change

20 Mac Support at Fermilab

Mac Support at Fermilab was officially re-introduced in June of 2007 . Officially there are 350 Macs ( laptops and Desktops and no MacAir) as of time of writing this abstract. We currently support Computer Professionals, Physicists, and Directorate Personnel. In order to make our Mac environment Enterprise Ready; the OSXWG ( OSX Working Group) was formed to create and review central management policies, Advise on procedures and formulate new processes to make the Mac a more acceptable OS in the Enterprise Environment. Whilst there are many tools/ products available in the Mac World to resolve issues we are currently in the process of evaluating a few tools that are Enterprise Ready/ capable. The ones that will be discussed are for Anti Virus: Symantec and Sophos; for Inventory ARD and QMX; for Domain Membership Centrify. We will talk about the order in which these were and are being implemented and why.

Speaker: Ben Segbawu (FNAL)

Slides 53.pptx

14:55 Break with Refreshments/Sponsor Exhibits

21 Workstation Backup – Atempo LiveBackup with Nexsan ATABeast

NREL’s backup solution for workstation PC’s using Atempo Livebackup and Nexsan ATABeast. Backups are automated, continual and cone over the network for any workstation PC’s. Primary computers being backed up have critical data or applications and computers with complex configurations. Backup configuration allows for grouped or individual settings for the type of data being backed up and exempted data. Hardware being used includes a standard Windows server and disk arrays for actual data storage. Clients can restore folders, subfolders or files with various criteria including location, when the file was last saved and type of file or a total system restoration can be done.

Speaker: Don Reed (NREL)

Slides 121.ppt

16:10 session change

22 Mac Support BOF

Monday Breakout 3

23 Sandia’s mobile data encryption effort

Sandia decided to deploy Credant Mobile Guardian in response to the tri-lab laptop protection policy published in August 2007. The presenter would like to share why the product was selected, the trials and tribulations associated with its deployment, and our future plans to deploy to other platforms.

Speaker: Samuel Jones (Sandia National Laboratories)

Slides 81.ppt

11:40 session change

24 Microsoft and the Federal Desktop Core Configuration

FDCC is designed to provide a single, standard, enterprise-wide managed environment for desktops and laptops running a Microsoft Windows operating system.

Speaker: Shelly Bird (Microsoft)

Slides 94.pptx

12:25 Lunch Provided by Gold Sponsors

25 Sandia Vista Deployment Plans

Over a year after the release of Windows Vista and with the much needed release of Service Pack 1, stability has greatly been improved over the original release. In addition, Microsoft has updated and improved their deployment tools, such as the WAIK and the Microsoft Deployment toolkit, so that we are able to better prepare and streamline our deployment processes. In this presentation we’ll discuss the tools and deployment methods that Sandia is working on in preparation for the gradual rollout of Vista to our environment that is scheduled to begin the summer of 2008.

Speaker: Roman Selever (SNL)

Slides 85.pptx

14:10 session change

26 Vista and Office 2007/2008 Plans at LLNL

Vista is passing through the maturity and hype cycle into a more stable meadow, especially with the release of SP1. Office 2007 has been out for a while, but multi-platform business units have been slow to adopt in fear of alienating their Mac users. Office 2008 for the Mac is finally released, paving the way for a new Office deployment. Is it truly the green light? And what about Vista still? Across the DOE complex, Labs are examining the Vista/Office issues and deciding what to do. This presentation will explain the what and why behind LLNL’s plans for Vista and Office. Viewers of this presentation will gain insight into the business decisions behind a major rollout at a large Lab, and acquire some tools that we’re employing for analysis and decision-making.

Speaker: Mark Dietrich (LLNL)

Slides 47.ppt

14:55 Break with Refreshments/Sponsor Exhibits

27 The Federal Desktop Core Configuration (FDCC)

The Federal Desktop Core Configuration (FDCC) is a common security configuration that provide a baseline level of security. OMB in collaboration with DHS, DISA, NSA, USAF, Microsoft and NIST have provided the FDCC baseline. Learn how and why Sandia is making the integration of the FDCC policies an integral part of their planned Vista Deployment. Topics include, looking at the policies in a focus group, overcoming application incompatibility, deploying the Vista image in the locked down state.

Speaker: Stan Hall (SNL)

Slides 68.ppt

16:10 session change

28 FDCC/Vista/Office 2007 Rollout BOF

Open discussion regarding timelines for labs to rollout Vista, Office 2007 and implement FDCC

Speaker: Stan Hall (SNL)

Monday Breakout 4

29 Give Me a Lever, I Can Move the World - Using EA

By leveraging Enterprise Architecture (EA) best practices when making business decisions, EA becomes a valuable tool to better achieve mission and business results. Three main areas of successful EA are - EA Value - An alignment of technologies with business processes does not realize the full value of the EA proposition. Through alignment from data sources all the way up to achievement of Performance metrics, EA can increase efficiencies at all levels and facilitate effective organizational decision-making. This can serve a greater goal, whether moving the world or reducing costs. Governance - Too often, EA Governance develops and sustains the EA, without assessing the value and fit of investment proposals. There's no guidance for how systems are to be built so they're useful parts of the EA framework and fulfill strategic plan goals. An optimal set of EA Governance Processes to follow to achieve the greatest benefits for the least amount of effort will be covered. Communication - While Governance helps align processes, communications between entities produce results. For DOE, standardized communication procedures between the various Program and Secretarial Offices, Labs, and other stakeholders are essential. To continuously improve and mature our EA program, pilot programs to facilitate fruitful discussions and active EA work at all levels will be introduced.

Speaker: Denise Hill (IM-21)

Slides 78.ppt

11:40 session change

30 MESOdata: The Key to Unlocking EA Benefits

Your mechanic says your car needs a part called an ARG-92, but they only have the ARG-95 in stock. Will it do everything the original part does? The names seem similar, but how can you be sure? The same problem arises in Enterprise Architecture, when the titles of architectural elements appear to match but don't. Or else they have different names but are the same thing (Would you like a Pop or a Coke?). Since a key goal of EA is to promote reuse and repurposing of existing IT investments, the solution lies in something called a Shared Vocabulary which is based on the technology of ontologies and which not only captures in a Semantic Net the Lexicon (structured language) in the EA for the enterprise, but also the Vernacular (ad-hoc language). This leads to developing a set of unified Namespaces for the enterprise and subsequent universal Sets of Classes for system definition, design and development. The consequence of this is the ability then to identify IT investments that can genuinely be reused and repurposed, as well as those that can staged as shared resources (which also naturally leads to effective SOA).

Speaker: Bruce Gras (IM-21)

Slides 62.ppt

12:25 Lunch Provided by Gold Sponsors

31 Customer Relationship Management Applications

This presentation is a case study on how Customer Relationship Management (CRM) Applications hold the key to strategic customer intimacy and portfolio management. Traditionally, CRM tools are used to organize customer information under a variety of functional services. They allow organizations to create an integrated view of the customer and use this information to coordinate services/capabilities across multiple channels for business portfolio management and customer engagement. CRM is also capable of managing relationships of any kind (not only customers), allowing an organization to retire multiple legacy systems, leveraging existing information, resources, and funding to transform discrete sources of data in to a strategic asset for business intelligence. This presentation is a case study at Sandia National Laboratories of their path to implementing Microsoft Dynamics CRM to address these issues.

Speaker: Kate Rivera (Sandia National Laboratories)

Slides 54.ppt

14:10 session change

32 Records Management and Information Technology Management

Records Management and Information Technology Management: A Necessary Collaboration in Complying With the Department's A-130 Requirements. OMB Circular A-130, Management of Federal Information Resources, requires agencies to (among other things ) take an integrated approach to managing information throughout its life cycle, collect only that information needed to perform agency functions, and to use electronic media and formats that will make government information more accessible to the public. This presentation will examine the relationships between records management and information technology management in meeting the Department's A-130 responsibilities.

Speaker: John Davenport (DOE OCIO)

Slides 67.ppt

14:55 Break with Refreshments/Sponsor Exhibits

33 Classified Medialess Computing in LANL's Applied Physics (X) Division

The complex-wide stakes for secure classified computing have been forever raised. The Department of Energy and National Nuclear Security Administration have increased their oversight of the National Laboratories' information technology operations. Scrutiny from the news media and the general public is at an all-time high. Most importantly, we must continue to improve our cyber defenses against the malicious insider. In this presentation, we will examine the next-generation secure classified computing model being deployed to the Applied Physics (X) Division at Los Alamos National Laboratory. We establish the basic requirements for computing in our organization, which heavily focuses on research, engineering, computation, and visualization. We define a broad threat model, including risks from forgetful or careless employees up through the malicious insider. Walking through the results of our evaluations of existing technology, we discuss the security, scalability, manageability, and usability of several classified desktop solutions. We show how these criteria led to the selection of specific technologies for use in X Division. Finally, we describe the production deployment of "Classified Medialess Computing" in X Division, covering the major aspects of both the end-user and system administrator experiences, and noting how our deployment fits into the wider computing and physical security perspective of tomorrow. If you are interested in reducing energy consumption, improving utilization of your organization's computing cycles, better protecting your electronic classified information, extending your desktop computing hardware lifecycles, or centralizing your hardware maintenance and system administration points, then this presentation is for you.

Speaker: Ahmad Douglas (Los Alamos National Laboratory)

PDF 40.pdf

Slides 40.ppt

16:10 session change

Monday Breakout 5

34 Advanced Windows Operating System Imaging and Deployment

Deploying an operating system to a single computer occurs many times in its lifetime. The processes to do so can be time consuming, requiring significant technical knowledge. Deployment integration, built in to any business model, streamlines operations, standardizes settings, improves productivity, and decreases support costs significantly. Today, deployment is more than putting an image on a computer. Modern deployment tools make deployment extremely dynamic, allowing users to make setting choices, migrate data and settings and/or perform complete backups, automatically apply the appropriate drivers and software, and do so securely. It also allows deployment administrators the ability to use predefined logic to automate choices for the user based on business needs while fulfilling mandatory requirements based on just about any criteria imaginable, all while keeping the management simplified. With the right plan and implementation, technical support staff will not be required to manually perform repetitive deployment tasks for end users any more. Whether deploying Windows XP, Vista, 2003 or 2008 server, 32 bit or 64 bit, Microsoft Deployment 2008 (Lite Touch) and/or SCCM 2007 (Zero Touch) can help. In this presentation, we’ll look at how to implement a deployment solution that significantly reduces deployment and support costs, increases deployment security, and has the flexibility to be configured to suite the most complex of needs.

Speaker: Chad DeGuira (ORNL)

11:40 session change

35 LBNL Software Distribution Site

The Software Distribution site is a Web-based software and license management system developed through a collaboration between the IT and Engineering Divisions. This system enables end-users to download free software as well as purchase licenses for common applications, transfer licenses among co-workers or workstations, and track their own licenses for historical purposes. This is done interactively to allow instant access to new software titles or versions. All licenses are linked to the end users and their workstations by asset/DOE number. The system also performs administrative functions such as tracking licenses for audit purposes, software usage and consolidating expensive one-off software purchases into a once per month "true-up" expense with most of our vendors.

Speaker: Dan Pulsifer (Lawrence Berkeley National Laboratory)

Slides 36.ppt

12:25 Lunch Provided by Gold Sponsors

36 Streaming Applications

Windows streaming applications offer the promise of making user’s environment more portable and robust. With this promise in mind Sandia started a small project to test Streaming Applications. The two primary technologies tested were App Stream and Soft Grid from Microsoft. The presentation will talk about features, implementation, lessons learned and overall impression with the products.

Speaker: James McDonald (Sandia National Labs)

Slides 21.ppt

14:10 session change

37 Training in new technologies at ORNL

IT University was initially created to help the Information Technology Services Division staff learn the new Microsoft technologies that were soon to be offered to ORNL. IT University had some success with the training by offering one hour lunch and learns as well as creating a SharePoint site with numerous web resources. While this was a good start, there were some problems with the way the lunch and learns were presented and with the fact that there was just not enough information being made available to the staff. The answer to those issues was to turn IT University into a project. With a good budget and planning, IT University now offers multiple types of training including the one hour lunch and learns, half day classes, as well as all day classes. IT University has a more informative SharePoint site in which users can get even more information to help further their education. With all these options available, there is ample opportunity for the IT staff as well as the majority of the lab to have good exposure to the new Microsoft technologies that are being offered.

Speaker: Tina Overby (ORNL)

Slides 87.pptm

14:55 Break with Refreshments/Sponsor Exhibits

38 Update on Network Enhancements for DID at ORNL

The Defense in Depth (DID) project has been underway at ORNL for over a year with many changes both technically and procedurally to the IT environment at ORNL. Several of those changes involved the Network infrastructure. This presentation will provide an update to a presentation made at NLIT 2007. It will focus on network level enhancements put in place to meet Network Segregation requirements of the DID project. It will include discussion of technologies used to provide Network Segregation as well as policies processes driving the technology decisions.

Speaker: Clark Piercy (ORNL)

Slides 99.ppt

16:10 session change

39 Installing a BlueCat IP Management Solution

NREL has been using Lucent QIP as its IP management system for last ten years. Licensing costs, usability and manageability has long been an issue with the product. We are in the process of replacing the Lucent QIP system with an appliance-based IP management system from BlueCat Networks. BlueCat Networks developed this secure DNS and DHCP solution to solve several problems faced by today’s business networks. Misconfigured or misallocated IP infrastructures create complexity and pose security risks. Standard Microsoft Windows-based DNS and older versions of BIND are inherently insecure. UNIX or Linux-based DNS solutions with BIND are more secure, but require dedicated expertise and are susceptible to syntactical and logical errors. Deployed externally or on an internal network, BlueCat is the industry-leading DNS and DHCP solution that solves these issues and securely provisions mission-critical services. The BlueCat system does not have license limitations and has a web interface to ease the addition of new MAC layer addresses to the allowed address pool. It also has additional management services that make it easier to audit changes and age-out old MAC layer address automatically. For redundancy multiple appliances are being installed in each network. An overall management server will control and sync the appliances.

Speaker: Andrew Gehring (NREL)

Slides 102.ppt

Monday Breakout 6

40 Enforcing Network Compliance at ORNL

ORNL’s Network Access Control manager (NACmgr) was developed to enforce ORNL network policies and perform network compliance checking. NACmgr uses Simple Network Management Protocol (SNMP) to poll all the switches and routers on the network for active hosts every five minutes. It then joins information from other systems, such as network registration, harvested Dynamic Host Configuration Protocol (DHCP) logs, and the cyber compliance system, to determine which hosts to isolate from the network and how to do it. This presentation is intended to be a follow-up to the NLIT 2007 presentation “NAC at ORNL” and will encompass the specifics of NACmgr design and operation. Target audience has some knowledge of basic computing, networking, and cyber security concepts.

Speaker: Paige Stafford (ORNL)

Slides 74.ppt

11:40 session change

41 Security-Conscious Web-Based Collaboration Tools

DOE sites must walk a fine line between being good citizens of global scientific research communities and high-security locations entrusted with sensitive information. In this talk I introduce two Web-based tools that have been developed to meet LANL's security requirements while allowing collaboration with external colleagues. The first tool is a Web form processing tool to deliver Personally Identifiable Information (PII) from public Web forms into LANL's protected intranet. This tool grew out of a need to minimize the vulnerability of data stored on public web servers, while allowing institutional Web sites to receive their necessary data from external collaborators. The second tool is a Web-based file transfer service recently launched at LANL. With our increasingly strict e-mail screening policies and other restrictions, users require an easy-to-use alternative to e-mail attachments for transferring files to both internal and external colleagues. In addition to describing the overall design of these collaboration tools and how they mesh with other Internet Services at LANL, I hope to discover how others are using the Web at their sites to encourage scientific collaboration.

Speaker: Michael Lee (LANL)

Slides 43.ppt

12:25 Lunch Provided by Gold Sponsors

42 INL's Enclave Transformation

Recent cyber security regulations and challenges have been imposed that have made Laboratory networking environments reconsider their existing design and environments for securing data assets that traverse and are stored on the data network. Many of the Laboratories are challenged with meeting NIST and DOE requirements for securing the networking environment. As part of developing cyber security standards for the INL, it is BEA’s responsibility to define the cyber security enclave model for the INL site based on DOE and NIST guidance regarding certification and accreditation of information systems. The enclave model reflects the design of the INL’s Next Generation Network (NGN) with respect to cyber security to support the various and multiple missions of the INL. An enclave is defined as: Set(s) of data requiring the same level of protection. The data is protected as a group, under the same management controls and have the same security control (CIA level) requirements.

Speaker: Paul Martinez (INL)

Slides 82.ppt

14:10 session change

43 Effectively Meeting Security Requirements through KVM Technology

Cyber-Security management is the cornerstone of any national security institution. The high rate of emerging technology makes it very challenging to continuously adapt security requirements. USB and Firewire ports and their connecting devices are some of the security risks we have seen appear over the last few years. Many technological approaches have been devised to resolve these vulnerabilities -- some more successfully than others based on their application. This presentation provides an introduction into a KVM implementation at the Los Alamos National Laboratory. This installation has been in place for over six years and has successfully passed all audits. It has been showcased multiple times to other agencies and Laboratories across the complex because of its security advantages. The presentation focuses on the system architecture and some of the tools and procedures developed for implementation. If you are considering a secure implementation or are in the process of setting up a KVM system, you won't want to miss this opportunity!

Speaker: Brian Martinez (LANL)

Slides 79.ppt

14:55 Break with Refreshments/Sponsor Exhibits

44 Disk Encryption BOF

16:10 session change

45 SourceForge BOF

What is SourceForge? How has LANL responded to the need for a better software quality management system? SourceForge provides a variety of integrated resources to facilitate successful development and management cycles. These resources allow 1,200 customers to utilize many of the integrated tools like source code management and role base access controls. This centralized service available in both yellow and red networks offers up a web server with an Oracle backend. We will be discussing in further detail how it is used as a Source Code Management (SCM) repository, and how users use it at LANL.

Speaker: Tina Newberry (LANL)

17:00 Free Time

18:00 Buses to Evening Event

Evening Event Sponsored by CDWG, HP and McAfee

Mystic Blue Dinner Cruise, Navy Pier – CDW-G will like you to be our guest for an evening of food, beverages and entertainment while cruising along the Chicago skyline!

Tuesday, 13 May

07:30 Breakfast Provided by Gold Sponsors

Morning Update

Keynote: IT Transformation at ORNL

46 IT Transformation at ORNL

Over the last 12 months IT@ORNL has deployed: Portals, blogs, IM, VOIP, desktop video conferencing, 3GB inboxes, visual search engines, mapping software, executive dashboards, expertise location and a lot of chaos. While reducing IT costs. The presentation will be live demonstrations of how the integrated technology environment is transforming the business of ORNL. A summary of lessons learned will also be presented. Scott is the Chief Information Officer for Oak Ridge National Laboratory (ORNL) and is responsible for planning and executing a coordinated information technology strategy that ensures cost-effective, state-of-the-art computing and networking capabilities for ORNL from the desktop to high-performance computing. Scott has broad national laboratory, federal, and corporate experience in managing and delivering information technology services, including recent appointments as Chief Technology Officer for the Center for Computational Sciences at ORNL, Associate Director for Advanced Computing at PNNL, and Information Technology Project Manager for IBM at the National Weather Service. He has been the program manager or architect for one of the world's top ten supercomputers six times in his career. Scott earned a bachelor's degree in chemistry from Washington State University and holds a master's degree in computer science. He is currently in the executive MBA program at University of Tennessee. He also has earned many professional certifications in project management and information technology management. He has published widely on high-end computing, storage, and Linux systems. Scott received the 2003 Smithsonian Institution's Award for Innovative Technology in Information Technology and the 2004 IEEE Supercomputing Conference StorCloud Challenge Award for the most innovative use of storage.

Speakers: Becky Verastegui (ORNL), Scott Studham (ORNL)

Slides 31.pdf

Tuesday Site Reports

47 NREL Site Report

Speaker: Jill Deem (NREL)

Slides 11.ppt

48 LLNL Site Report

Speaker: Robyne Teslich (LLNL)

Slides 114.ppt

49 SNL Site Report

Speaker: Tom Klitsner (SNL)

Slides 115.ppt

10:30 Break with Refreshments/Sponsor Exhibits

Tuesday Breakout 1

50 SharePoint as the ORNL Portal

Bio: Connie Begovich has worked in IT at ORNL for more years that she cares to admit. Since last summer, she has been working on a special team that was chartered to learn the .NET environment and to develop and standardize ways to incorporate ORNL web applications/information into SharePoint. Previous to that, she worked on the ORNL SAP team. Abstract: ORNL has chosen SharePoint as their portal methodology for the internal users. The following techniques that are being developed and used in this environment will be described: • Setting up Division sites and training the Division staff to handle the maintenance of these sites • Developing web parts to reduce emails and have a central place for users to find information • Providing useful searches • Integrating line of business applications into SharePoint • Deploying reports in a standard way

Speaker: Connie Begovich (ORNL)

Slides 75.ppt 75.pptx

11:40 session change

51 Enhancing Communication through Unifying Service

Since ORNL deployed Live Communications Services (LCS) 2005 in the summer of 2006, we have been looking for an economical way to integrate Microsoft products with our Lucent 5ESS phone switch. This battle involved contractors, consultants, Exchange 2007, LCS 2005, Office Communications Services (OCS) 2007, Dialogic, and a host of sales reps. This talk will be a discussion of the past 18 months effort to integrate instant messaging, voice mail and our phone system into an integrated unified communication system.

Speaker: Dennis Depp (ORNL)

Slides 73.pptx

12:25 Lunch Provided by Gold Sponsors

52 Collaboration Technologies at Fermilab

Fermilab utilizes a number of technologies and services to facilitate communication between globally dispersed collaborations. Video, audio and web conferencing systems are commonly used in conference rooms and on user desktops. For national laboratories and their collaborating institutes popular services for connecting multiple locations are Energy Sciences Network (ESnet), Enabling Virtual Organizations (EVO, formerly VRVS) and others. As technology rapidly changes the need for information exchange becomes increasingly important and practical. The Remote Collaboration Working Group (RCWG), a task force of the Energy Sciences Network (ESnet) Coordinating Committee, meets by video regularly for that purpose. This presentation will describe conference room and desktop collaboration technologies currently used at Fermilab. The charge to the RCWG, its membership and activities will also be explained.

Speaker: Sheila Cisko (FNAL)

Slides 101.ppt

14:10 session change

53 Building Robust Shared Administration

In many envionments, administration is shared among several administrators, split along functional areas. This process is most pronounced in computer-science research environments, where users must possess administrative privileges in order to perform their research. This arrangement is problematic, at best. Researchers are often poorly versed in site security policies and large scale infrastructure issues. In this setting, administration is frequently split into two discrete parts: a production supported environment (a "green" environment) and a research environment (a "red" environment). Red systems (and networks) cause trouble for administrative staff, while providing less functionality to users. As opposed to this hard division between administrative domains, the MCS systems team has developed a series of policies and technical measures that organize this process. The result is a clear set of responsibilities for all parties and tools to ensure that things work smoothly. In this talk, we discuss the important aspects of this approach, describing the overall model, key technical issues, and compromises we needed to make in order to build a workable process. This talk is applicable to any group that needs to perform administration with shared responsibilities in either a research or production setting.

Speaker: Rick Bradshaw (ANL)

Slides 65.ppt

14:55 Break with Refreshments/Sponsor Exhibits

54 Spam Analysis-Confronting Security Threats and Trends in today’s world

Today’s spam and its effect on lab security: The increasing maliciousness of hackers coupled with the cleverness of spammers to bypass spam filters and penetrate our networks with viruses and malware is a problem demanding acute attention. Recent incidents of virus and malware attacks have been severe enough for some DOE facilities to have lost domain controllers and data and been forced to shut down operations for several days. Five perspectives solution: The problem must be addressed from five main categories: increased knowledge of how virus and hacking infiltration occurs, awareness of current spam trends being used, information on available email defense systems, implementation of these systems and finally, a methodology of joint effort and outstanding communication between key teams. A multi-tiered approach: The overall approach is to utilize spam analysis and virus detection software on several layers of protection. Effectiveness: The keys to effective protection are proper configuration and a methodology which outlines fast team interaction. For example: teams create custom policies and monitor mailboxes created to work in conjunction with those policies. Conclusion: Current use of email as a means for sophisticated phishing and virus attacks directed at national lab security is a modern threat and a reality. A multi tiered approach is a key prevention factor.

Speaker: Leslie Cantrell (Sandia National Laboratories)

Slides 89.ppt

16:10 session change

55 Automated File Server Disk Quota Management

Sandia National Laboratories Infrastructure Computing Systems and Services Departments provide corporate file storage to all Sandia user accounts. This service is known as the Sandia Data Storage Service (SDSS). Users are allocated a certain amount of disk space automatically, and then charged a fee for additional space as needed. Requests for additional data space are managed via a web-based interface to a SQL database. SDSS administrators are responsible for making data quota modifications on the SDSS Servers to reflect the space requirements specified in this database. Originally, this was administered manually, via a user interface provided by the disk quota management application, but the task of updating user quotas was becoming more and more time-consuming, as additional disk space requirements became more common. An automated solution was needed, not only to eliminate the manual process, but to improve response time between disk space requests and actual quota updates on the SDSS Servers. The product developed to meet this need, called SDSS Quota Management Service (QMS), fulfilled the designed role, provided additional capabilities to both users and administrators of SDSS, and reduced the effort expended by system administrators by 150 man-hours per year. Further collaboration between Sandia and the SIS Laboratory at New Mexico Tech University has resulted in even more automated quota management capabilities for SDSS.

Speaker: William Claycomb (Sandia National Labs)

Slides 77.ppt

Tuesday Breakout 2

56 Windows Desktop Deployment Service at LANL

For several years LANL has recognized a need to manage Windows operating system installations, but had not identified a satisfactory approach. After considering LLNL’s XLoad application, LANL settled on Microsoft’s Business Desktop Deployment (BDD) Solution Accelerator. BDD is a free tool from Microsoft that provides the ability to create and deploy custom Windows images over the network. While the Desktop Deployment Service is still in "beta" at LANL, it is intended to become the designated, institutional method of installing Windows XP and eventually Windows Vista. This centralized desktop deployment method provides reliable consistency in configuration and addresses security compliance requirements.

Speaker: Mark Wingard (LANL)

Slides 30.ppt

11:40 session change

57 Improved Capabilities in Desktop Testing at Idaho National Labs

Desktop Management in Information Technologies at the Idaho National Lab needed a better method of testing new software, hardware, configurations, policies and practices. A test lab was designed and built to help improve the capability of Desktop Management to do this testing, considering such capabilities as remote access, VLANing, system & application virtualization, focusing on standards and desktop resources geography. This presentation will give an overview of it’s design and operation.

Speaker: John Ammon (Idaho National Laboratory)

Slides 26.ppt

12:25 Lunch Provided by Gold Sponsors

58 Shared Diskless Image

Shared Diskless image, how to do more with less, restore to original state with a single reboot. Sandia has begun a project to research the feasibility of a read-only windows environment. The project targets kiosk machines and classroom environments. Presentation will cover research, current implementation, and ongoing support.

Speaker: Randy Jaramillo (SNL)

Slides 60.ppt

14:10 session change

59 LANL's Laptop on Foreign Travel(LoFT)

Government laptops taken on foreign travel pose a special risk, especially if the laptop contains Sensitive Unclassified Information. The Cyber Security Office of Los Alamos National Laboratory (LANL) tasked the Computing, Telecommunications, and Network Division (CTN) the responsibility of creating a lending pool for use by employees traveling to foreign countries. After consultations with Sandia National Laboratory (SNL) concerning their Laptops on Foreign Travel (LoFT) program, LANL developed a laptop lending program for Windows and Macintosh systems. This presentation will describe LANL’s LoFT program and the steps taken to meet Federal information security requirements for protecting Sensitive Unclassified Information (SUI). LoFT systems are built using standard images and utilize full disk encryption. Using internally developed checklists, the laptops are configured to meet traveler requirements. The presentation will also discuss tools and processes developed, organizational resources utilized, lessons learned, and plans for future improvements such as LoFT onsite forensic scanning of systems, customized images of system for frequent travelers, and wireless access for testing systems prior to travel.

Speaker: Vera Vigil (LANL)

Slides 64.ppt

14:55 Break with Refreshments/Sponsor Exhibits

60 Greening the Data Center

Optimizing the overall power efficiency of high performance computing and data centers requires a comprehensive approach that focuses on technologies and strategies to minimize power consumption and maximize power efficiency at every level within the infrastructure, including CPU chips, power supplies, servers, storage devices, and networking equipment. In addition to measures that maximize power efficiency for hardware devices, there are also software strategies, such as server virtualization, that can play a significant role in reducing power consumption. There are a number of potential benefits that can be derived from an increased focus on power consumption and power efficiency: Extending the life of existing data centers and HPC centers and minimizing retrofits; Gaining at least partial control of growing expenses for power and cooling; Optimizing new data center designs to be more energy efficient.

Speaker: Debbie Montano (Force10 Networks)

Slides 20.ppt

16:10 sesssion change

61 Integrating security into the systems development life cycle (SDLC)

This talk will address the who, what, how, when, where, and why of integrating security into the systems development life cycle.

Speaker: Eric Silberman (OnPoint Corporation)

Slides 104.ppt

Tuesday Breakout 3

62 Virtual Directory Services and Synchronization

Many large corporations, and many national labs, face increasing challenges related to data access and security. As more applications become integrated with existing data stores, the need to access user and computer account information has grown. Sometimes this information includes personal information or other sensitive components, making data protection and access control two critical aspects to consider when implementing data provider solutions. Additionally, the desire to streamline data access and improve access response times has increased pressure on system administrators to deliver secure and robust data delivery systems. Sandia Labs has addressed these challenges with an integrated solution which provides secure and robust data access, implemented as Virtual Directories, and delivers synchronized directory information to users through the use of Directory Synchronization Services. A virtual directory is a directory data source, accessed using LDAP, which does not actually contain the information presented to the client, but rather presents the data from an underlying data source (another LDAP directory, a database, or a combination of both). Using virtual directories, Sandia opens directory information access to various applications, limiting the content shared to specific data needed by each individual application. This not only protects the information in the directory, but eliminates the need to duplicate subsets of data into customized directory services.

Speaker: William Claycomb (Sandia National Labs)

Slides 76.ppt

11:40 session change

63 Universal Certificate Authentication to Key Applications at Argonne National Laboratory

Argonne National Laboratory has implemented a laboratory-wide portal that provides centralized access to key administrative applications and employs certificates for authentication. This portal relies on an infrastructure comprising Microsoft Active Directory, Microsoft Certificate Services, Sun Microsystems Java Enterprise Suite, and open-source software. The capabilities of the Microsoft, Sun, and open-source products have enabled Argonne to readily deploy certificates for partial, as well as for end-to-end, authentication from all Argonne client operating systems. The Argonne experience demonstrates that certificate authentication to corporate applications is readily doable today. Further, the adoption of these technologies positions Argonne to exploit widespread certificate deployments, as intended by Homeland Security Presidential Directive-12.

Speaker: David Salbego (Argonne National Laboratory)

Slides 46.ppt

12:25 Lunch Provided by Gold Sponsors

64 Identity: A Federated Approach

Scientific collaboration is a worldwide enterprise, crossing institutional boundaries - yet our notions of identity tend to be firmly grounded in who pays our salaries. At the same time, initiatives like HSPD-12 tend to focus on identity for members of a specific class (government), but lack the ability to work across institutional domains. New technologies like Shibboleth and OpenID, and Federations like UCTrust and InCommon help to lay the groundwork for more nuanced and efficient versions of identity. This presentation will focus on the promises and challenges in these new developments.

Speaker: Adam Stone (LBL)

14:10 session change

65 Client Computing Encryption Efforts at Idaho National Lab

INL has recently undergone efforts in the employment of better protection of Sensitive Unclassified Information (SUI) data at the laboratory. One of the tools used in this arsenal of protection is encryption. This presentation will talk about the different encryption methodologies that help protect data at the INL from unauthorized access or loss. Discussion will focus on past, present and future processes, technologies and capabilities.

Speaker: John Ammon (Idaho National Laboratory)

Slides 33.ppt

14:55 Break with Refreshments/Sponsor Exhibits

66 Entrust PKI: Data Encryption in Transit at Sandia

Data encryption is becoming more and more important as we rely on E-mail, mobile computing and Blackberrys to move sensitive data around the labs and the world. Sandia National Laboratories is one of 7 DOE PKI CA sites and provides Entrust services to over 6,200 users and looking to expand that to over 10,000. Sandia is currently using Entrust Desktop Solutions (EDS) 7 and planning to migrate to Entrust Security Provider (ESP) 8. This presentation will cover testing with the new ESP 8, inoperability with the old client, and migration from V1 to V2 digital IDs. Other issues that will be covered include architecture, lessons learned, Blackberry S/MIME integration, and testing. Some of the major issues with Blackberrys include directory issues with multiple CA sites and large CRL files. This presentation will review other options including OCSP and Entrust Messaging server. Finally, the talk will go over PKI integration with 2-factor and the new HSPD12 badge.

Speaker: Jeremy Baca (Sandia Labs)

Slides 48.ppt

16:10 session change

67 Who’s Your System Administrator?

Tracking and Training Staff with Privileged Access The question of who has privileged access to computer and network devices is a frequently asked. In order to comply with DOE and ORNL Cyber requirements, ORNL has made some improvements this year in tracking and training these staff to include: • Roles implemented within SAP that identified system administrators • Training developed and tied to the SAP role • Development of internal operating procedures In our final step, data collected from systems is compared against the list of approved and trained system administrators for cleanup and reconciliation.

Speaker: Suzanne Willoughby (ORNL)

Slides 96.pptx

Tuesday Breakout 4

68 Building a Service Desk: The Key to Customer Service

Across the country, IT organizations are assessing how they manage their IT services and the changes, complex and simple, they can implement to improve efficiency as well as customer satisfaction. Many ITOs have found that transforming to a Service Desk enables the business to function better and improves IT services for end users. This presentation is focused on IT operational managers and the benefits and challenges to transforming to a Service Desk. The discussion will encompass the use of best practices, like ITIL, to drive continuous process improvement and to improve key performance indicators such as first call resolution rate, customer satisfaction, and incident resolution times. The presentation will also address: Why transform; Functions to include at a service desk; Benefits to the lab; Benefits to the end user; Understanding your starting point; Challenges to the transformation; Best practices; Case studies

Speaker: Steve Wade (SNL/Kemtah)

Slides 63.ppt

11:40 session change

69 Numara Footprints at BNL

The Information Technology Division (ITD) at Brookhaven National Laboratory (BNL) procured the web-based Numara Footprints product in July 2007 to replace HP Service Desk for tracking help desk incidents. This talk will discuss the implementation process including requirements gathering, designing the workflows, and training the staff, culminating in the successful deployment on March 1, 2008. The BNL Footprints project team worked closely with Numara Professional Services to design our Footprints implementation to accommodate ITIL processes. Pros and cons of working with the vendor will be discussed. Additionally, the talk will include an overview of lessons learned, and an overview of what is planned next.

Speaker: Lisa Soto (BNL)

Slides 59.ppt

12:25 Lunch Provided by Gold Sponsors

70 Central Helpdesk Consolidation

The ORNL IT helpdesk operation and staff have been consolidated in a centralized group. During this time, we have installed a new helpdesk software application, incorporated ITIL framework elements, expanded service to 24x7 and implemented many new operating procedures and services. We will discuss the approach taken to the centralization effort, challenges, customer expectations, lessons learned and our future goals.

Speakers: Bob Beane (ORNL), Sheila Causby (ORNL)

Slides 70.pptx

14:10 session change

71 Serving IT up with ITIL

The Idaho National Laboratory has embarked on Service Management by hiring IT Business Representatives and following the ITIL framework for improving business processes. Come see what progress is being made and what has been done.

Speaker: Thane Price (Idaho National Laboratory)

Slides 24.ppt

14:55 Break with Refreshments/Sponsor Exhibits

72 Quality, Pride and Motivation: A self evaluation

Bio: Shelli Goodrich is a Systems and Network Technologist at Lawrence Livermore National Laboratory; Goodrich has a Bachelors of Arts Degree in Human Development and brings 10 years of public education experience to her current role as an IT professional. Goodrich presented ‘You, Me and IT’: A Customer Service Perspective at NLIT 2007. Objective: To provide participants with useful information regarding evaluation of professional development, passion and motivation in a challenging work environment. Goals: Methods will be shared evaluating the way an individual performs tasks Procedures will be shared evaluating the formal prescribed way an organization wants a task preformed Tools will be emphasized; a software and hardware checklist a person uses to perform tasks Equipment will be evaluated, concluding the efficiency in which an individual can perform tasks Skill Level will be evaluated, of individuals performing tasks. Participants will gain knowledge and acquire resources to produce quality outcomes The implementation of a skill set will be provided so a technician can evaluate quality of work, self pride, ownership and motivation.

Speaker: Shelli Goodrich (LLNL)

Slides 86.ppt

16:10 session change

73 Ensuring Successful Collaboration Within the National Labs

In the information age businesses use terms such as Information Technology and Management of Information Systems, to identify a variety of technology based services that incorporate computer based information systems. Management of information is vital to the operation of an organization, and essentially becomes a capital asset for the organization. However, this simple idea is not so simple to implement. The first consideration needs to be what information is useful to collect? Auto-generated data that is without purpose can be like "quicksand" for an organization. Information that is generated but not used can have an equally stifling affect. What we want to collect is knowledge that is useful to the organization. Secondly, the act of collecting knowledge proves to be an illusive and difficult task to accomplish for many industries. This is due in part, to the steps involved in collecting knowledge itself. In the day of do more with less, two questions come to mind, "How can we expect folks to add to their existing work load?" and "How come we can make the time to search for information when we need it but we won't take the time to store it so it can be retrieved easily at a later time?" The purpose of this presentation is to provide some useful considerations to the audience to generate some interaction among those present as to what they feel is useful knowledge and to brain-storm processes to encourage this step within our laboratories.

Speaker: Barbara Jennings (SNL)

Slides 107.ppt

Video 107.swf

Tuesday Breakout 5

74 Change Control for SAP at ORNL

All core ORNL business systems now run on SAP so change control for the SAP application modules is critical to ensuring system and data integrity. Core applications such as Payroll, Accounts Payable, HR, Materials Management, and Accounting are now integrated within SAP and share the same database and application resources. Changes to any of these applications could adversely impact other applications if adequate change control is not in place. This session will provide an overview of how ORNL achieves change control in SAP by using both the standard SAP control features as well as ORNL administrative control processes.

Speaker: Terry Scoggins (ORNL)

Slides 80.pptx

11:40 session change

75 LANL Case Study: Funding Computing Support

LANL Case Study: Funding Computing Support On October 1, 2007 Los Alamos National Laboratory (LANL) changed the funding model for desktop and server computing support from a recharge based system to an institutional tax for standard support. This presentation will discuss this new LANL approach and the consequences of the decision; some planned, some unplanned, and observations on what could have and should have been done differently.

Speaker: Michael Zollinger (LANL)

Slides 35.ppt

12:25 Lunch Provided by Gold Sponsors

76 IT Cost-cutting at LLNL

Budgets are being slashed throughout the DOE complex. Labs are faced with reductions in IT support costs, which can lead to significant degradations in service delivery. At LLNL, we are undertaking several restructuring and cost-reduction initiatives that will reduce the impact of cost reductions and not degrade services as severely. Some of these initiatives include centralized unclassified network support, use of a common ticketing tool, use of the Enterprise Service Desk, server consolidation and virtualization, and centralized desktop management for software distribution, patching, anti-virus updates, compliance and accreditation. Some strategies include reducing the number of systems per user, reducing and consolidating printers, reducing hardware purchases through reuse, and in one business unit, platform convergence to PCs. All these are built on organizational structures featuring resource pools for our technicians while maintaining strong ties to customers programmatic needs. A viewer of this presentation will walk away with an understanding of how IT budget reductions have been dealt with at LLNL and will acquire knowledge of some tools that can be employed to meet their own Lab’s needs in the reduction space.

Speaker: Mark Dietrich (LLNL)

Slides 49.ppt

14:10 session change

77 A Case Study: Converting from Staff Aug Contract

In August 2007, Sandia National Laboratories/CA changed its staffing model for desktop computing services from FTEs and Staff Augmentation (Staff Aug) to a Procurement Staff Aug contract. This move more closely aligned with the service model used at Sandia National Laboratories/NM. A description of the drivers and reasons for making this change, and the benefits and concerns of implementing such a contract will be discussed.

Speaker: Dean Williams (Sandia National Laboratories)

Slides 22.ppt

14:55 Break with Refreshments/Sponsor Exhibits

78 Enterprise-Wide Agreement Program: An Overview

The Department of Energy spends approximately $2.2 billion annually on information technology. In the past, each Program Office, field office, site office, and major facility operating (M&O) contractor pursued their own software acquisitions, resulting in a fragmented set of contracts for the same products, services, and capabilities. In order to leverage the buying power of the entire DOE complex to negotiate maximum cost savings, the DOE Office of the Chief Information Officer (OCIO) instituted the Enterprise-Wide Agreement (EWA) program. The objective of the EWA program is to reduce total cost of ownership and acquisition cycle times by consolidating Department-wide COTS software license purchases in accordance with Federal Acquisition Regulations (FAR). This is done by coordinating the purchase of enterprise-wide license agreements (ELAs) and blanket purchase agreements (BPAs). This presentation will provide an overview of the EWA program, describe recent accomplishments, and discuss the benefits to the labs and vendors in participating.

Speakers: Kevin Cooke (IM-10), Robert Gettings (DOE OCIO), Sue Dudek (DOE OCIO)

Slides 88.ppt

16:10 session change

79 You Shall Be Assimilated

The Growing Dependencies between Desktop Support and Cyber Security Functions Abstract: Remember the line, ‘you shall be assimilated?’ Well….these last few years has seen the dependencies between desktop support and cyber security functions become more pronounced and the differences in focus almost disappearing. Hacking, cracking, zero-day exploits, COTS vulnerabilities, and customers ‘just wanting to get their job done’ keep us all gainfully employed. This BOF session will discuss the growing dependencies between these two functions and the ‘top 10’ cyber concerns and how they impact the desktop, tools, and policies sites are using to combat attacks and keep desktops reasonably safe. A longer-term, more lasting goal of this BOF session is to establish points of contact to continue to share information, problems, and mitigation strategies among sites, using the synergy of NLIT to build a stronger desktop/cyber environment across the complex.

Speaker: Julie Perich (SNL)

Tuesday Breakout 6

80 A measured approach to virtualization

My presentation will be about how to have an measured approach to virtualization. I will discuss basic steps to virtualizing any environment. From defining a scope of work all the way to production operations. I will cover all the high level steps in between as to what elements of an environment to perform analysis on. What analytical tools or services are available. Organizational considerations and administrative models. Return on investment tools and implementation plan. I will speak on using virtualization for capabilities such as server provisioning, high availability and disaster recovery. I will briefly cover the three predominant virtualization technologies, VMWare, Xen and Microsoft’s Hyper-V. I will discuss what each one has to offer, plusses and minuses of each and briefly discuss desktop virtualization and potential use cases.

Speaker: Don Mendonsa (LLNL)

Slides 72.ppt

11:40 session change

81 Leveraging VMware to implement Disaster Recovery at LANL

Based on my presentation at VMworld 2007 last year, I will discuss IS&T division's VMware implementation from a Disaster Recovery & Business Continuity perspective. We implemented one of the largest & most successful VMware deployments in the complex, achieving ROI in just 9 months while protecting critical business systems. Come learn how LANL protects both its’ physical and virtual assets leveraging VMware’s Virtual Infrastructure platform.

Speaker: Anil Karmel (LANL)

Slides 69.ppt

12:25 Lunch Provided by Gold Sponsors

82 Impact of Virtualization on the Data Center

Buzz around server virtualization has been growing in the industry for the past couple years. In 2005 National Security Technologies (Nevada Test Site) deployed Vmware ESX in to reduce the cost of purchasing servers leading to a shift in how we now do business within IT. While fulfilling on the promise of reducing cost and making us “green” it has made its mark well beyond the fundamentally changing the server infrastructure. Three years later server virtualization has impacted networking, applications, licensing, storage, backups, and the facility itself is designed. This presentation will look beyond virtualization itself to the impact it has made on your IT department as a whole.

Speaker: Robert Morrow (Nevada Test Site)

Slides 71.ppt

14:10 session change

83 Application Virtualization and how it can be applied

Software Virtualization is the technology that packages and distributes software into a single EXE, executed on a host PC without installation or changes to the local desktop's registry and file system. Software Virtualization will reduce cost and time of software deployment. Enable new software to be deployed faster. Increase IT responsiveness in making changes and updating applications. Application Virtualization allows multiple versions of the same software to be installed and run simultaneously. This presentation will give a detailed view into software virtualization and outline one possible process which could be used by the Computing, Telecommunication and Networking Division to implement and deploy the technology.

Speaker: Chris Casillas (Los Alamos National Laboratory)

Slides 38.ppt

14:55 Break with Refreshments/Sponsor Exhibits

84 I need Cyber Security Help!

Bio: Andy Ambabo (pron. Am-bay-bo) has been involved with information technology at Sandia National Laboratories for 16 years. Andy is currently a Project Manager for the Computer Support Operations organization at Sandia. Abstract: Many organizations are caught between the threat of cyber security vulnerabilities and the lack of resources needed to manage the risk. At Sandia, every line organization is required to have a “cyber security representative” (CSR) who understands the organization’s business and knows how to apply cyber security policies. As in many companies, the role of cyber security representative at Sandia has evolved from administrative to very technical. Sandia's desktop technicians in the Computer Support Units are well positioned to extend their skills to the cyber security arena. Sandia's CSU/CSR program provides lab organizations a pool of well qualified cyber security reps from the desktop technician ranks. We'll talk about the how the program works and it's benefits and some pitfalls.

Speaker: Andrew Ambabo (SNL)

Slides 106.ppt

16:10 session change

85 SW Licensing Strategies & Insuring Compliancy

Abstract: Site licensing? Secondary Use Rights? Leasing? While the software licensing options available in today's marketplace have become increasingly complex, ensuring license compliancy remains critical. In previous years, we have had regular "impromptu" meetings regarding these subjects. This year, Government and Military attendees are invited to participate in this interactive "Birds of a Feather". The focus of the open discussion will be in three parts: exploring the various purchasing options; license management best practices; and leveraging auditing capabilities to ensure compliancy. By sharing your institution's strategies in these areas, this venue will provide a unique means for a collaborative "lessons learned" opportunity.

Speaker: Mike Mikus (LANL)

Slides 56.ppt

17:00 Free Time

18:00 Buses to Evening Event

Evening Event Sponsored by Qwest

Enjoy the House of Blues compliments of QWEST

Wednesday, 14 May

07:30 Breakfast Provided by Gold Sponsors

Morning Update

Keynote: NREL Plans and Strategies for Green Data Centers

86 NREL Plans and Strategies for Green Data Centers

NREL is building two new facilities that will contain data centers. This presentation discusses NREL plans and strategies for using best practices, emerging technologies and NREL innovation to build data centers to live within LEEDs Platinum certified buildings. With over 25 years in Information Technology (IT), Chuck Powers brings a wealth of knowledge and experience to his role at the National Renewable Energy Laboratory (NREL). Chuck Powers joined the NREL in 1990 to develop and support NREL’s Scientific Computing capability. For the past 12 years, Chuck has served at the NREL’s IT Infrastructure & Operations manager of NREL's Information Services Office where he is responsible for networks, telecommunications, systems, data center management and cyber security. Prior to coming to NREL, Chuck spent two years at Teradata Corporation, where he managed the Systems and Operations department for the Research & Development division and five years at Hughes Aircraft Company managing UNIX systems. Chuck holds a Bachelor of Science degree with a major in Computer Information Systems and Master’s of Science in Management degree from Regis University.

Speaker: Chuck Powers (National Renewable Energy Laboratory)

Slides 119.ppt

CIO Questions and Answers

10:30 Break with Refreshments/Sponsor Exhibits

Wednesday Breakout 1

87 Worker involvement in Security at a DOE Lab

Ten thousand dollars. The approximate direct cost of an incident. Some estimates of IT related security incidents can be ten times that. VPP is an business architecture and third party verification for safety that has proven to reduce incidents by fifty percent. Cyber, physical and social engineering security for our organization is just as important to an organization.

Speaker: Roy Nielsen (LANL)

Slides 108.ppt 108.ppt

11:40 session change

88 Worker Involvement In Security BOF

Speaker: Roy Nielsen (LANL)

Wednesday Breakout 2

89 The LANL Super Vault Type Room

Modern distance visualization and terminal services technologies allow for ultra-thin terminal access to rich computing environments. By concentrating all storage and processing in highly-secured areas and limiting access to only human interaction protocols, we can mitigate many insider threats that most secure computing environments ignore yet maintain robust usability. In fiscal year 2007, Los Alamos National Laboratory successfully demonstrated this concept in its Super Vault Type Room (S-VTR) prototype. Demonstrating a synergistic partnership of cyber security and physical security, the S-VTR effectively enables a secure and flexible environment to deploy ultra-thin diskless systems without physical distance limitations. This platform additionally serves as a platform for future technology delivery and security necessities. Much like the safety deposit box concept at banks, the S-VTR provides consistent, professional management at reduced costs while still allowing appropriate, stratified security control. LANL is now working toward building two new S-VTRs that will redundantly contain nearly all of LANL's classified computing and storage, at all classification levels.

Speaker: Alex Kent (LANL)

Slides 57.pdf

11:40 session change

90 Data Center Fabric

The Brocade Data Center Fabric (DCF) Architecture is an architectural foundation and evolutionary strategy for designing, building, and managing enterprise data centers. A critical advanced technology integrated into the data center fabric is Brocade's adaptive networking. Adaptive networking services will become essential as evolving data center fabrics collapse server-to-storage, server-to-server, and storage-to-storage connectivity onto a common network connecting virtualized devices.

Speaker: Emerson Blue (Brocade)

Slides 105.ppt

Wednesday Breakout 3

91 Vulnerability Scanning and Automated Patching Effort

Vulnerability identification and remediation represents a fine art in the arena of computer security. Discover how the INL has approached scanning, reconciliation, notification, lifecycle tracking, closure, and reporting. We’ll briefly touch on the automation of patching, as well as the resulting impact on business processes and policy. We’ll discuss how we handle non-standard configurations and operating systems, accepted risks, cost vs. risk analysis, and non-cooperative system owners. The close will cover management metrics, requirements and drivers (OMB, PCSP, and Lab Directives), and audits (survival and response).

Speaker: Jon Homer (Idaho National Laboratory)

document DataAnalysisDemo.xlsx

Slides 28.pptx

11:40 session change

92 ORNL’s Microsoft System Center Configuration Manager

Learn how Oak Ridge National Laboratory uses Microsoft System Center Configuration Manager (SCCM) to maintain Microsoft Windows and Office updates, reduce IT cost with remote desktop, enforce configuration standards, leverage SCCM reporting, application and operating system deployment. This session will cover ORNL’s migration from SMS 2003 to SCCM 2007 and will discuss and demonstrate some of the key features that ORNL is leveraging today.

Speaker: Carlos Cunningham (ORNL)

Slides 98.pptx

Wednesday Breakout 4

93 Disaster Recovery on Steroids

The Idaho National Laboratory (INL) has recently completed a multiyear Disaster Recovery (DR) project to ensure rapid recovery in the event of natural disasters, catastrophic hardware failures, or unforeseen events requiring near immediate resumption of service. The INL identified a DR location 50 miles from the Idaho Falls production data center which is located at the INL high mountain desert facility. The DR strategy includes real-time replication of 12 TB of production data, tape backups to DR location, shadow image instances, and application development environment

Speaker: Kent Linsenmann (Idaho National Laboratory)

Slides 41.ppt

11:40 session change

94 IT Transformation, how HP is saving 2B in IT per year

Everyone’s doing it - IT transformation that is. Like other Agencies, the DOE Labs has its unique mission, IT history and future vision which will shape its path in IT transformation. That said, reducing operating costs, improving security, enabling greater agility and finding new, more effective ways to accomplish the mission are objectives almost any agency or larger private enterprise would share in common. To accomplish these common objectives, the patchwork of interconnected systems typically in existence today needs to morph into a dynamic and flexible IT infrastructure for the delivery of services. Along the way, IT transformation can also be expected to reduce the impact of IT on the environment, save huge amounts of energy and conserve natural resources. HP has walked the talk on IT transformation and is more than two years into a three year program of transformation about which information has been disclosed publicly and privately. In this session we’ll provide an update on HP IT transformation and suggest ways that the Labs can draw from HP’s experience.

Speaker: Steve White (HP)

Slides 91.ppt

Wednesday Breakout 5

95 Securing Red Hat Enterprise Linux at LANL

The Linux operating system is an increasingly popular solution for both server and workstation computing. Los Alamos National Laboratory has developed a flexible set of tools that end users and system administrators can use to secure Red Hat Enterprise Linux. Our security approach is comprised of several flexible tools: The LANL Security Tool On Red Hat (LANL-STOR) which performs secure host configuration. The LANL Red Hat Update Server providing tested package updates from a local source. The LANL ExpressWay Red Hat network installation tool. These tools are fully integrated into our network based installer (ExpressWay) yet flexible enough to be applied to pre-installed systems or systems installed from Red Hat supplied media. This talk will concentrate on the LANL-STOR secure configuration tool. We will discuss: Requirements generation from source documents to working tool. The architecture of LANL-STOR and how it has been designed to work on all classes of Red Hat systems from laptops to servers. How LANL-STOR integrates with the installation tool and RHNSS server. New features added to support compliance reporting.

Speaker: Jimmy Devenport (LANL)

Slides 34.ppt

11:40 session change

96 Mitigate the Risks of Data Leakage

Bio: David Etue, Vice President of Product Management and Senior Security Strategist. Mr. Etue brings years of experience at early-stage and mature companies to his role at Fidelis Security Systems. Mr. Etue holds a Bachelor of Science degree in Business Administration and Finance from the University of Delaware. Abstract: Don't want your Agency's classified information sent to Taiwan? OPSEC data leaving your network over peer-to-peer technology? Is it possible to have sensitive (or worse) data leave with a contractor or lab employee? As the rate of internal security breaches continues to rise, pressure is mounting to mitigate the risks of data leakage to protect your Agency's personally identifiable information (PII), confidential information and digital assets. The leakage of privacy-sensitive personal information has been shown to have negative consequences on an organization. To protect such information, organization must put policies and tools in place to stop information from data leakage. In this presentation, methods for identifying this information will be analyzed in order to understand the resource and cost impact of various methods. Presentation attendees will gain a better understanding of the issue of data leakage, along with understanding the routes available for addressing this issue. Agency best practices and current technology solutions will be presented. Attendee participation and Q&A will be a large part of the presentation - come prepared with your hard questions!

Speaker: David Etue (Fidelis Security)

Slides 44.ppt

Wednesday Breakout 6

97 Tablets: A Big Step Toward a Paperless Office

Abstract: Pens; set of 100: $79. Paper notebooks; set of 100: $159. Franklin Day Planner Refill; set of 100: $2,000 - $5,000. Franklin Day Planner non-refill; set of 100: $8,000 - $10,000. PC Tablet with MS OneNote and Outlook: Priceless. In today’s climate of becoming “greener” and focusing on cost savings and efficiency, PC Tablets, when used to their full potential, can help us take a HUGE step towards a paperless office, reducing costs for supplies and potentially helping increase the effectiveness of certain people. Come see how one person combines a PC Tablet, Microsoft OneNote, and Microsoft Outlook to dramatically reduce paper usage and dramatically increase effectiveness.

Speaker: Sue Wolfe (Lawrence Livermore National Lab)

Slides 25.ppt

11:40 session change

98 Map Information Tool

A map is a map, right? Wrong. When paired with geographical information system (GIS) technology and detailed location information, the lowly map can become a strategic tool in the safe and efficient management of a large campus. That is what Pacific Northwest National Laboratory (PNNL) accomplished with the development of the Map Information Tool, a one-stop, GIS-based, Web-accessible system that provides facility and space information to staff and visitors to PNNL, including safeguards and security personnel and first responders. Known as MIT, the new program was created from readily available technologies and is virtually maintenance-free. Easy and immediate availability of business-critical location-related information in a single place reduces reliance upon printed documentation, mitigates the risk of outdated or untimely information in emergency situations, and provides easy access to other space-related information. MIT directly aligns to PNNL’s institutional strategy - management and operations excellence - and significantly enables achievement of the lab’s strategic goal to "demonstrate cost-effective operational, financial, and organizational management of the lab to enable research." A key element of that goal is the safety and protection of people, equipment and the environment.

Speaker: Stacy Austin (PNNL)

Slides 103.ppt

12:25 Box Lunch Provided by Gold Sponsors

Closeout

NLIT Organization Members