The CUBINlab Charter
Network Design and Philosophy
CUBINlab does not provide a general purpose IT facility, but caters to special needs within CUBIN. As it operates using part-time administrators, it relies on an operating regime of high user self-reliance, and hence low administrative overhead. The following design principles, philosophy, and core facilities define its use.
- Not a parallel system to EE-IT, servicing special needs and experienced UNIX users of CUBIN only. These needs are summarised as follows:
  - When direct access to the Internet is needed for research purposes
  - To develop and work with testbeds, clusters and prototypes with specialist needs, such as frequent and radical reconfiguration
  - For the storage and processing of very large network traces
  - For users wishing/needing to use UNIX who have the skills to do so with minimal supervision
- All UNIX based (no Microsoft Windows machines - these are handled by EE-IT)
- Relatively homogeneous (Linux when possible, *BSD on others as needed)
- Highly autonomous: strict firewall, UPS for critical systems and nightly tape backups
- Use of three Internet addresses and control of firewall enabling network experiments
- Separate domain name (cubinlab.ee.unimelb.edu.au) enabling independent webpage for information and file sharing
- Freedom of development: no restrictions on architecture or configuration of satellite entities
- High degree of autonomy of users - low baseline administrative load:
  - Satellite entities to be managed separately by associated users
  - Superuser access for all competent users on an as-needed basis
  - CPU load on server machines kept low for scalability - most software and processing on end machines and inside satellite entities
- Fast reconfigurations according to needs, but strict adherence to simplifying principles:
  - All users have accounts on the main server, consistent user and group IDs
  - Accounts on machines 'as needed' between and within entities
  - Absolute minimum openings in the firewall between CUBINlab and the outside network
  - Entities kept as independent as possible (e.g. no cross mounting)
Users
CUBINlab users can be classified as follows.
- Administrators
- Users (Defn: using CUBINlab but not resident, primary home directory elsewhere). Typically the Secure Shell (SSH) protocol will be used to access facilities.
Users accessing the network via the WLAN will have no privileges other than access to the system through a secure protocol, as described in detail in the WLAN documentation.