Network Infrastructure for Academic IC CAD Environments
EUROCON 2011 - E-Learning II
Pedro Coke, Cândido Duarte, André Cardoso, Vítor Grade Tavares, Pedro Guedes de Oliveira
April 29, 2011
Microelectronics Students’ Group
DEEC - Departamento de Engenharia Electrotécnica e de Computadores
FEUP - Faculdade de Engenharia, Universidade do Porto
Rua Dr. Roberto Frias, s/n, 4200-465 Porto, Portugal
Sala I325, Telephone: 225574199 - Ext 3230
web: usgroup.eu e-mail: info@usgroup.eu
Introduction
At the Microelectronics Students’ Group, students are able to take part in the development of IC projects.
The group provides a well-suited working environment for IC CAD design.
Over time, however, more complex projects demanded a more reliable and secure computer network infrastructure.
This need was approached through an extracurricular activity.
The project gathered students in Computer Sciences and Electronics and Computers Engineering, interested in developing knowledge on network security, allowing them to:
· Pursue their own topics of interest
· Autonomously explore solutions to fulfil requirements
· Consolidate knowledge through hands-on experience
Project
Kick-off
The students started by reviewing the current solution in order to identify existing problems:
· Maintaining software copies on many machines
· More users than machines available
· Sensitive information transmitted on public network
Requirements
Following this analysis, the project requirements were defined:
· Centralized user authentication
· Filesystem distribution throughout the network
· User storage
· IC-CAD software
· Secure infrastructure on insecure network
Core Services
Authentication
The Kerberos protocol allows secure authentication over a non-secure network.
It relies on symmetric key cryptography to provide authentication for users and services.
· MIT Kerberos V
· All core network services rely on Kerberos for authentication
Directory Service
LDAP is an application protocol for querying and modifying directory services on the network.
It is used by host machines to query for users and groups.
· OpenLDAP server
· Stores user and group information
· Secured using Kerberos V
Storage
AFS is a networked filesystem that provides a location-transparent file name space.
· OpenAFS server
· Stores IC-CAD software and users’ homes
· Uses Kerberos authentication
· Access control lists (ACL) allow flexible permissions
· Flexible volume management system with load-balancing
Single Sign-On
SSO mechanisms allow users to seamlessly authenticate on all core services.
Upon first authentication request, Kerberos issues a Ticket-Granting Ticket, which can be used for authentication to other services without re-entering credentials.
PAM and NSS are used to integrate Kerberos, LDAP and OpenAFS at login time.
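Added example (not part of the original slides, and not MIT Kerberos code): a toy model of the ticket flow described above, showing that the password-derived symmetric key is used once to obtain the Ticket-Granting Ticket, and that the TGT alone then yields tickets for other services. The cipher is an HMAC-based stand-in, the principal names and passwords are constructed, and timestamps, ticket lifetimes and the client's copy of the service session key are omitted.

```python
# Toy model of the Kerberos ticket flow; principals and passwords are constructed.
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a toy keystream (stand-in for a real cipher)
    out = b"".join(hmac.new(key, b"enc" + nonce + bytes([i]), hashlib.sha256).digest()
                   for i in range(n // 32 + 1))
    return out[:n]

def seal(key, obj):
    """Encrypt-then-MAC a dict under a symmetric key."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def pw_key(user, password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)

class KDC:
    def __init__(self):
        self.keys = {"krbtgt": os.urandom(32)}   # principal -> long-term key
    def as_exchange(self, user):
        """First login: session key sealed for the user, TGT sealed for the KDC itself."""
        sk = os.urandom(32).hex()
        return (seal(self.keys[user], {"session": sk}),
                seal(self.keys["krbtgt"], {"user": user, "session": sk}))
    def tgs_exchange(self, tgt, authenticator, service):
        """Later requests: TGT plus authenticator yields a service ticket; no password."""
        t = unseal(self.keys["krbtgt"], tgt)
        if unseal(bytes.fromhex(t["session"]), authenticator)["user"] != t["user"]:
            raise ValueError("authenticator does not match TGT")
        return seal(self.keys[service], {"user": t["user"], "session": os.urandom(32).hex()})

def login_and_access(kdc, user, password, services):
    """Client side: the password-derived key is used once, the TGT for everything after."""
    reply, tgt = kdc.as_exchange(user)
    sk = bytes.fromhex(unseal(pw_key(user, password), reply)["session"])
    seen = {}
    for svc in services:
        ticket = kdc.tgs_exchange(tgt, seal(sk, {"user": user}), svc)
        seen[svc] = unseal(kdc.keys[svc], ticket)["user"]   # done by the service with its own key
    return seen
```

A wrong password fails at the first `unseal`, because the session key cannot be recovered, and a TGT not sealed by the KDC is rejected in `tgs_exchange`.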
OS Deployment
Automated installation mechanisms allow for non-interactive OS deployment.
The operating system used is CentOS, and Anaconda kickstart files allow for fully automatic installation.
· Host boots from network
· Configuration files are copied over the network via SSH
· Custom profile system to differentiate between hosts
· Local package mirror to speed up install
· Host is fully usable at first boot
Network Topology
All hosts are connected via a Gigabit Ethernet switch to avoid performance losses.
A single computer runs all network services, and is connected via a 2Gb connection through NIC bonding to further reduce bottlenecks.
Redundancy through several servers was considered, but due to the lab’s already limited resources only one server was deployed.
Conclusion
The implemented infrastructure was deployed in the Microelectronics Students’ Group laboratory network.
It has been running in a production environment for several months without significant issues, providing a well-suited environment for IC design.
A simple security assessment was done using the Nessus vulnerability scanner, which revealed no faults.
All the defined project requirements were fulfilled.
The team was able to meet the goal of designing and implementing a network service infrastructure from scratch.
It allowed students to develop knowledge in areas not always thoroughly explored during courses, with complete autonomy.
Thank you.