The CUBINlab Charter
Network Design and Philosophy
CUBINlab does not provide a general purpose IT facility, but caters to special needs within CUBIN. As it operates using part-time administrators, it relies on an operating regime of high user self-reliance, and hence low administrative overhead. The following design principles, philosophy, and core facilities define its use.
Not a parallel system to EE-IT, servicing special needs
and experienced UNIX users of CUBIN only. These needs are
summarised as follows:
- When direct access to the Internet is needed for research purposes
- To develop and work with testbeds, clusters and prototypes with specialist needs, such as frequent and radical reconfiguration
- For the storage and processing of very large network traces
- For users wishing/needing to use UNIX who have the skills to do so with minimal supervision
- All UNIX based (no Microsoft Windows machines - these are handled by EE-IT)
- Relatively homogeneous (Linux when possible, *BSD on others as needed)
- Highly autonomous: strict firewall, UPS for critical systems and nightly tape backups
- Use of three Internet addresses and control of firewall enabling network experiments
- Separate domain name (
cubinlab.ee.unimelb.edu.au) enabling independent webpage for information and file sharing
- Freedom of development: no restrictions on architecture or configuration of satellite entities
High degree of autonomy of users - low baseline
- Satellite entities to be managed separately by associated users
- Superuser access for all competent users on an as-needed basis
- CPU load on server machines kept low for scalability - most software and processing on end machines and inside satellite entities
Fast reconfigurations according to needs, but strict
adherence to simplifying principles:
- All users have accounts on the main server, consistent user and group IDs
- Accounts on machines 'as needed' between and within entities
- Absolute minimum openings in the firewall between CUBINlab and the outside network
- Entities kept as independent as possible (e.g. no cross mounting)
CUBINlab users can be classified as follows.
- Users (Defn: using CUBINlab but not resident, primary home directory elsewhere) Typically the Secure Shell (SSH) protocol will be used to access facilities.
Users accessing the network via the WLAN will have no privileges other than access to the system through a secure protocol, as described in detail in the WLAN documentation.