Several projects
catering to the needs of different departments at NCP have been
completed, and a few are in the pipeline and near completion. These
projects have enhanced the working efficiency of various departments of NCP
through automation and the elimination of traditional manual work.
Following is the list of projects.
Current Projects
The following projects are being undertaken by
the IT Group at NCP.
The National Centre for Physics (NCP) complex
comprises six buildings used for official and residential
purposes. Deployment of the passive network infrastructure at the NCP
complex was completed before construction of the complex itself was
finished. All six buildings are connected via 24-core Dintek optical fiber.
A star topology is used for connecting these buildings: the
buildings named Technical Block, BOQ, MOQ, Guest House and
Residential Houses are connected to the central building, the Academic
Block, which houses the Network Operation Centre. The optical fiber
supports communication speeds up to 10Gbps.
The total number of node points
in the NCP complex is around 1500, including the Corporate Network and
the LCG (LHC Computing Grid) Network. The structured cabling
solution for NCP uses Dintek UTP cat-6 Ethernet cable, which
supports Gigabit communication over Ethernet.
Color coding is used to
distinguish the floor-wise cabling, and this is ensured in every
building of the NCP complex. Color codes are as below:
Blue cable: Ground Floor
Red cable: First Floor
Grey cable: Second Floor
Yellow cable: LCG Network
All node points are
numbered in a hierarchical manner, so that the node point number
contains the building identifier, floor identifier, room identifier
and the node number.
The optical fiber cable deployed
at NCP for connecting buildings is more than 1 km, while the UTP
cat-6 Ethernet cable deployed within buildings is approximately
240,000 running feet.
National Centre for Physics
having collaborations with prestigious international scientific
organizations (CERN, AS-ICTP, SESAME), is involved in projects
where the need of a fast and reliable network infrastructure is
of vital importance. Active network setup built on top of
passive network at NCP is designed and deployed keeping in mind
the needs of specific projects being carried out at NCP.
Design Architecture
The active network setup is designed
in a hierarchical manner based on a three-layer architecture, i.e.
Core layer, Distribution layer and Access layer.
The Core layer is responsible for
fast and efficient routing of data between the different
distribution blocks.
Distribution blocks at the
distribution layer combine a specific number of nodes, grouped
together considering the following factors:
Type of Network (Corporate/Research)
Number of nodes
Location of nodes (Building)
Connectivity from Core
layer switches to Distribution layer switches is over
10Gbps fiber links, except MBGR-CORP where the
connectivity is over a 1Gbps copper link. The following
Distribution blocks exist within the NCP network:
ACD-CORP: Academic Block Corporate Network
ACD-LCG: LCG network in Academic Block
TCH-CORP: Corporate Network in Technical Block
MBGR-CORP: Corporate Network in rest of the buildings
Distribution
blocks are further segregated into a number of VLANs to
isolate the traffic within the distribution blocks. This
isolation is done for building floor, voice traffic, Wi-Fi and
management traffic.
Finally, the Access layer provides physical connectivity
to nodes (computers, servers, printers, IP phones etc.)
for connecting to the NCP network. Connectivity from Access
switches to Distribution switches is over EtherChannel
combining 2x1G links. Each access layer switch is
connected to both of the distribution layer switches to
offer redundancy, thus ensuring a speed of 4Gbps from
the access to the distribution layer.
In addition, wireless network
connectivity is provided throughout the NCP complex.
Redundant devices are used at
each layer except access layer, where redundancy is offered only
to the critical server machines. These redundant devices are
operating in a load sharing and fault tolerant mode i.e. traffic
load is shared between devices but if one device or link to that
device goes down, second device takes over in a seamless fashion
which is totally transparent to the user.
A Class B IP scheme is designed for
the NCP complex. The IP scheme is implemented in a way that copes with
the above-mentioned requirements of fault tolerance and load sharing.
Implementation of the IP scheme ensures maximum route summarization
and optimization.
Security
Network security is also one of
the main concerns for the organization. For this purpose we have
deployed hardware- and software-based security firewalls, IDP and
antivirus programs, along with physical security of devices.
Security policies are also implemented in the access and
distribution layers.
Hardware-based
firewalls include the CISCO ASA 5500 series and Juniper NS-50.
Software-based security applications include Microsoft ISA
2004/2006, as well as iptables in the Linux environment.
WAN Connectivity
NCP is connected with multiple
ISPs i.e. Nayatel, LinkDotNet and PERN. WAN connectivity via
Nayatel is 10 Mbps. This dedicated connectivity is provided on
optical fiber link. Internet connectivity of 3.5 Mbps is being
provided by LinkDotNet over a wireless point-to-point link.
NCP is also a node of Pakistan
Education and Research Network (PERN2) administered by Higher
Education Commission (HEC). Internet connectivity of 2 Mbps is
commissioned to NCP via this link. Total Internet connectivity
is 15.5Mbps, most of which is dedicated for Grid computing
services.
Commissioning of a high speed
international R&D link (155 Mbps) (STM-1) is also in progress.
This link will connect NCP with international R&D networks
including TEIN3, GEANT2 and Internet2 via PERN2 network. Physics
data from LHC (CERN) will be downloaded using this high speed
link.
This employs adding
more CPU power by adding more worker node (WN) elements to the LCG2
grid node deployed at NCP. Previously the grid node was providing 36
KSI2K, which has now been upgraded to 100KSI2K CPU power with
roughly 10TB of storage.
More storage (50TB
usable disk space) and CPU servers (providing more than 300 KSI2K)
for LCG grid node are in the pipeline, and would be added soon.
Moreover, enhancement in corporate servers is also underway, i.e.
twenty new corporate servers are in the pipeline.
FLS is a complete Finance Ledger
System of NCP. It is a powerful tool that provides an unrivalled
capacity to cut through accounting data to obtain the
information required to control the performance of the organization.
This system also helps businesses to accomplish all
accounting tasks in an accurate and timely manner. FLS
typically provides better financial controls and management
reports and involves fewer personnel and lower costs than manual
accounting methods. FLS will manage and control the overall
functions of the finance department. Scope of the project includes:
Certificate based authentication of users
Ledger management
Cash book management
Account management
Budget management
Voucher management
The system will provide the
following reports:
Balance sheet report
Income and expenditure report
Bank reconciliation statement report
Payment and receipt report
Payment voucher report
Journal voucher report
Credit voucher report
Expenditure report
Budget summary report
Cash book report
Ledger report
Team: Rao Atif Shad, Muhammad Imran, Sajjad Asghar
Online Leave
Application System (OLAS) is an application used to handle all
the leave related issues of NCP employees. Using this
application a user can log in to OLAS to apply for leave. He
can also see the history of his leaves. When a user applies for
leave, the competent authority will be automatically notified
for the approval or disapproval of the user's leave application.
Main features of
OLAS are:
Online application for leave without the need for paperwork.
Email notifications to approving officer and applicants.
Applicant and Approving Officer can see complete leave records and approval history respectively.
Leave records are updated automatically once applications are approved.
Leave records may be printed out or generated into reports.
Leave records may be exported to any backend system.
Leave calendar provides a bird's eye view of who's on leave.
All leave policies are configurable (i.e. no software customization required).
NCP Online Testing
System (NOTS) is being developed to facilitate the
induction/recruitment of fresh manpower in NCP. It will help the HR
department in giving tests to candidates applying for jobs in NCP
against posts that require a written test. This system would result
in a paper free testing environment. There will be different pools
of questions for different job positions. Each candidate will log in
to the system and will be presented with the desired number of random
questions, which he/she has to complete in the given time. The
system also provides a facility to add new questions to a particular
questions pool, edit questions and their answers, add candidates for
a test, create tests, reschedule tests, check papers, and print
results etc. The system is being developed in Java with MS SQL
server at the backend.
Projects Completed in the Past
The IT group of NCP has been involved in the development of the
following successfully completed projects
The LCG node is deployed
and maintained by the advanced scientific computing group at NCP.
The effort to deploy a grid node in Pakistan was started in October
2003, with a workshop named “Grid Technology Workshop” held from
October 20 – 22, 2003. The first ever test-bed was deployed using
LCG_1 tag 1.1.1.2 during the workshop, consisting of 9 machines
providing the following services:
Node Type                              No. of Machines
Storage Elements (SE)                  01
Resource Brokers (RB)                  01
Computing Elements (CE)                02
User Interface (UI)                    01
Worker Node (WN)                       03
Grid Information Index Server (GIIS)   01
30 machines were used during the tutorial for enabling users to
communicate with the deployed test-bed in the Grid Technology Workshop
held in NCP.
Now NCP is a Tested &
Certified Grid Node in Pakistan. Grid node was tested & certified by
the Grid Deployment Team (dteam) at CERN and added to the Grid
Operations Centre (GOC) website. Now NCP is a certified WLCG Grid
node, first in South Asia and fifth in Asia. NCP Grid Node remains
up-to-date with the newer versions of WLCG.
NCP deployed a new WLCG version, which is LCG_2 tag 2.0.0, in June 2004.
In September 2004, we moved to the newer version of LCG_2 tag 2.2.0.
In January 2005, we installed WLCG tag 2.3.0. In March we updated it to tag 2.3.1.
In April 2005, we upgraded our node to LCG_2 tag 2.4.0.
In November 2005, we upgraded to the version tag 2.6.0 on our node.
In March 2006, we installed the version tag 2_7_0.
In October 2006, we moved to the latest version tag 3.0.2_1.
We also upgraded in hardware
resources by adding more machines in September 2008 and now we have
34 CPUs in our node. The details are as follows:
To become a fully operational
grid node, one needs to have digital certificates issued by a
trusted Certification Authority (CA). NCP deployed the first
grid test bed in October 2003, and a need was felt for obtaining user
and host certificates. It was decided by the management that it
would be beneficial for our grid node if we could issue
certificates ourselves and become a trusted CA. The first draft
Certificate Policy and Certification Practice Statement (CP-CPS)
based on RFC2527, was prepared and sent to the European Grid
Policy Management Authority (EU-Grid-PMA). Then the efforts
continued and we became accredited by the EU-Grid-PMA in
September 2004 in their 2nd meeting in Brussels, Belgium.
In December 2007, we drafted a
new CP-CPS based on the structure suggested by RFC3647 and sent
it to PMA for approval which was approved in PMA meeting in
January 2008. We have been issuing certificates to users and
hosts to all grid partners since 2004. In June 2008 we conducted
first internal audit of the CA for assessing compliance of CA
operations with CP-CPS. The audit report is available on CA
website. More details about CA statistics can be obtained from
the following URL:
CMS production group at CERN, with
the help of its collaborators called 'Regional Centers (RC)',
located in various countries all over the world, is responsible for
running the production at the request of physicists. RCs act as
collaborators for 'Production Centers (PC)', working with them. The
production centers are required to set up farms. They collect
the software components required for setting up a farm from CMS and
install them locally. The CMS production group is also responsible for
coordinating production activities, developing production tools,
which helps to keep track of status of assignments running locally
or by Regional Centers and keeping track of produced events during
different steps in production cycle. The data produced at the RC's
is transferred to CERN for archival. CERN/CMS group is also
responsible for maintaining these archives.
CMS Production in NCP
started in November 2002. After generating CMS Production events
successfully NCP was declared as Regional centre for CMS Production
in Pakistan in August 2003.
To boost NCP-CERN
collaboration, other production centers in Pakistan including PAEC1,
PAEC2, PAEC3, NUST and COMSATS are also participating in the CMS
Production. No single center can provide all the resources for the
production, so a new concept of a federation of centers was adopted to
pool all the resources. Technical support is provided by NCP
regarding CMS Production software, PU data and other debugging
issues on a regular basis via emails, telephone conversations and
meetings at NCP. In December 2004, the CMS Production phase shifted to
WLCG. NCP produced 1M CMKIN and 1M OSCAR events. The details of
these events generated in CMKIN and OSCAR were then presented at
CERN in two of the production meetings. Since then the official
CMS production has shifted to WLCG.
A firewall protects your computer
or a local area network (LAN) from external intrusions. It may
be a hardware device or a software program running on a secure
host computer. A firewall examines all traffic routed between
the two networks to see if it meets certain criteria. If it
does, it is routed between the networks, otherwise it is
stopped. Firewalls can filter packets based on their source and
destination addresses and port numbers. This is known as address
filtering.
In order to enhance the
protection of the Grid from external attacks, a firewall service
for the Grid components is desired. Such a firewall would need
to be distributed amongst the different node types, and its
rules would need to be built and updated dynamically in order
to:
Include the different (sub)networks that may be used by a site
Dynamically integrate and exclude Grid sites
Ensure that the rules have not been tampered with
The NCP grid node has been operational
since June 2004, with constant upgrades to middleware software
and hardware resources. Today we are running the latest
middleware on the NCP-LCG2 grid node. In May 2007, the
deployment team started to work on putting the grid node behind
a firewall. By the end of June 2007, the firewall service had been
deployed and tested thoroughly. Final implementation was done in
the first week of July 2007.
At the server side, a database
keeps the records of genuine grid machines along with their IP
addresses and roles in the grid node. A web application checks
the clients connecting to the server and authorizes them if
their IP addresses exist in the database. Then, based on the role
of each client, the server publishes the firewall rules as files in
Linux iptables format, which the client adopts.
At the client side, a small RPM
is installed with a single script that runs as a scheduled
process (cron job). This script pulls the published firewall
rule file from the server and verifies that the new
configuration allows it to have network access. It then installs
this new rule file on the host. It also provides a rollback
mechanism when the new configuration fails.
Using this
mechanism firewall rules for the whole grid site can be
updated/modified in no time. New nodes and roles (node types)
can be added. It also provides ease of management with a central
management server.
Team: Usman A. Malik, Sajjad Asghar,
Adeel ur Rehman, Sobia Aqeel
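The publish, verify, install and rollback cycle described above can be sketched as follows. This is an added example, not NCP's own code: the inventory, ports, management address and the HMAC tag used for the tamper check are all assumptions, since the page does not say how rule integrity is enforced.

```python
import hashlib
import hmac

# Constructed inventory (IP -> role); addresses are documentation ranges.
INVENTORY = {"192.0.2.10": "CE", "192.0.2.11": "SE",
             "192.0.2.21": "WN", "192.0.2.22": "WN"}
ROLE_PORTS = {"CE": [2119], "SE": [2811], "WN": []}  # hypothetical ports
MGMT_IP = "192.0.2.1"           # hypothetical central management server
KEY = b"constructed-demo-key"   # hypothetical shared secret for the tag


def sign(rules):
    """Integrity tag over the exact bytes of the published rule file."""
    return hmac.new(KEY, rules.encode(), hashlib.sha256).hexdigest()


def publish(client_ip):
    """Server side: (rules, tag) for a registered host, else None."""
    role = INVENTORY.get(client_ip)
    if role is None:
        return None                     # unknown IP: nothing is published
    lines = ["*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]",
             ":OUTPUT ACCEPT [0:0]",
             "-A INPUT -i lo -j ACCEPT",
             "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
             f"-A INPUT -s {MGMT_IP} -p tcp --dport 22 -j ACCEPT"]
    # Grid peers from the database may reach this host; others may not.
    lines += [f"-A INPUT -s {ip} -j ACCEPT"
              for ip in sorted(INVENTORY) if ip != client_ip]
    # Services this role offers to hosts outside the inventory.
    lines += [f"-A INPUT -p tcp --dport {p} -j ACCEPT"
              for p in ROLE_PORTS[role]]
    rules = "\n".join(lines + ["COMMIT"]) + "\n"
    return rules, sign(rules)


def update(rules, tag, current, install, has_access):
    """Client side: check, install, probe, roll back on failure.

    install(text) loads a ruleset (on a real host, a wrapper around
    iptables-restore); has_access() probes the network after loading.
    Returns (active_ruleset, status).
    """
    if not hmac.compare_digest(sign(rules), tag):
        return current, "rejected: tag mismatch"
    # Static check before touching the host: the file must be a complete
    # filter table and must keep the management server's access.
    body = rules.splitlines()
    if (not body or body[0] != "*filter" or body[-1] != "COMMIT"
            or not any(f"-s {MGMT_IP} " in l and l.endswith("ACCEPT")
                       for l in body)):
        return current, "rejected: would cut management access"
    install(rules)
    if has_access():
        return rules, "installed"
    install(current)                    # rollback to last known-good rules
    return current, "rolled back"
```

A shared HMAC key lets any host that holds it forge a rule file, so a site concerned about a compromised node would sign on the server with a private key and distribute only the public key to clients.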
It describes the
Process of Network and Computing Resource Management in NCP. The
system is a web based application offering remote manipulation
by the end-users. The main purpose of this application is to:
Manage hardware components and specifications.
Record complete details of software installed on a particular piece of hardware.
Record complete details of hardware related to a user.
Record complete details of location with respect to office place and network service where hardware is placed.
Record operations performed on hardware and maintain history.
Three types of users can
interact with the system:
Administrator
Data Entry Operator
Normal User
Users can log in to
the system using their Windows account information. Specific
rights will be assigned to them according to their roles.
Administrator can perform the
following operations:
Manage Role
Manage Privileges
Manage Hardware
Manage Location
Manage Manufacturer
Manage H/W Models
Manage Domain
Manage Responsible Group
Manage Vendor
Manage Service
Manage Interfaces
Search Hardware
Sign Request
The following privileges are assigned
to DEO:
Manage Hardware
Manage Location
Manage Manufacturer
Manage H/W Models
Manage Domain
Manage Responsible Group
Manage Vendor
Manage Service
Search Hardware
Manage Interfaces
User can:
Search for available device
Request new connection for a device
Request to modify a registered device
Request to move and reconnect a device
Request to remove a device from the network
Other automatic operations such
as history management, reminders and email notification are also
implemented in this system.
PBS stands for the Portable Batch
System. It is a batch system that is based on a server and
client model. You define the master node as the batch master
(server) and the rest of the machines work as its clients.
There are other commercial batch systems available like LSF and
CONDOR. At NCP we use OpenPBS, a free and open source version of
PBS. This free version is scalable and proficient for up to
800 nodes, which is more than our current or future needs. The
Computing Element (CE) in the NCP-LCG2 grid node is acting as the
PBS master/server node, while the Worker Nodes (WN) are acting
as slave nodes.
Initially, the grid node
consisted of one server and fourteen (14) clients only, but as
the number of clients grew (it has now reached 80), managing
or troubleshooting errors in all clients one by one became very
tiring and time consuming. To provide efficient management and
troubleshooting of PBS server(s) and clients, a PBS Monitor
system has been developed. The basic purpose of this system is
to provide all the logs from PBS servers or clients at a single
place, which makes troubleshooting very easy. PBS log files from
all the server and client machines are parsed every ten minutes
using a scheduled (cron) job, and the new entries (entries
generated after the last parsing) are uploaded to a central
server. This central server is running a web page which displays
all PBS nodes. Another parser is scheduled to run every ten
minutes on the server, which looks for known error codes and
problems in the log files. If it finds any problem or error
codes in the log files, the color of the corresponding PBS node on
the web page is changed to orange (in case of a warning message)
or red (in case of critical errors). So one can find out a
possible problem just by looking at the web page rather than
digging for it by logging onto several nodes one at a time. Email
alerts can also be generated in case of critical errors. This
makes it possible to monitor the system efficiently even if the
number of nodes grows to a very large scale.
The server also
compresses the big log files to save space.
Team: Usman A. Malik, Adeel ur Rehman,
Sobia Aqeel
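The two parsing steps described above (shipping only the entries added since the last run, then colouring a node from what they contain) can be sketched as follows. This is an added example, not the PBS Monitor's code: the message patterns and the "normal" default are assumptions, as the page does not list the error codes its parser recognises.

```python
import os
import re

# Hypothetical patterns; the page does not list the errors its parser knows.
CRITICAL = re.compile(r"cannot connect|no space left|node down", re.I)
WARNING = re.compile(r"timeout|retry|stale", re.I)


def read_new_entries(path, offset):
    """Return (new_lines, new_offset) for entries appended since offset.

    A file shorter than the saved offset was rotated or compressed and
    recreated, so reading restarts at 0. A trailing partial line (the
    daemon was mid-write) is left for the next run instead of being
    shipped half-finished.
    """
    if os.path.getsize(path) < offset:
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        chunk = fh.read()
    end = chunk.rfind(b"\n") + 1          # 0 when no complete line exists
    lines = chunk[:end].decode("utf-8", "replace").splitlines()
    return lines, offset + end


def classify(lines):
    """Map a node's new entries to its colour on the status page."""
    colour = "normal"
    for line in lines:
        # PBS log record: date time;event;server;type;object;message
        parts = line.split(";", 5)
        if len(parts) != 6:
            continue                      # skip malformed records
        message = parts[5]
        if CRITICAL.search(message):
            return "red"                  # critical outranks any warning
        if WARNING.search(message):
            colour = "orange"
    return colour


def poll(path, state):
    """One scheduled run for one node; state maps path -> saved offset."""
    lines, state[path] = read_new_entries(path, state.get(path, 0))
    return lines, classify(lines)
```

Matching only the message field, not the whole line, keeps a host or object name that happens to contain a keyword from turning a node red.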
“International Bhurban Conference
on Applied Sciences and Technologies” (IBCAST) is an
international conference organized by NCP. The main goal of AIRS is
to provide an online paperless Registration and Management
system for the IBCAST. It also provides information in such a
way that it can help in taking decisions; it has a DSS
(Decision Support System) at a small scale which will grow with
the time span of the conference. AIRS also provides reports for:
Program coordinator
Organizing committee
Administrator
Conference
registration was done by using this system.
Job Portal System
(JPS) was developed to facilitate the induction/recruitment of
fresh manpower in NCP. It is a web based portal developed using
JSP with MS SQL Server at the backend. All new job openings at
NCP are advertised on this portal. Candidates are required to
create a login, after which they can create their online resume
and apply for an available job. Candidates can also update their
resume and apply for more than one job using the same resume. The
job application links are disabled after the deadlines. The
employer (HR officials at NCP) can view all the candidates who
applied for a particular post; they can also mark a resume as
“eligible” or “not eligible” against a particular position.
Shortlisted candidates for a particular post can also be viewed
and their resumes can be printed. Queries based on different job
criteria can also be made to filter candidates.
NCP salary system
is one part of the ERP module that deals with financials. The
overall management of salaries is a tough job for people dealing
with finance. Following are some of the complexities in the
salary system. The salary includes number of allowances which
are either segregated by percentage or on the basis of
scales/grades of employees. These allowances can also be fixed
in some cases. On the other hand there are several deductions
that are also classified into different categories. Then some
special allowances have to be paid to only few of the employees.
Some members of the organization are also working on contracts,
which means that they receive a fixed remuneration every month.
The annual increments are based on joining dates, but some may
get advance increments as they join. Some allowances also get
frozen at a certain date, and employees joining afterwards are
not entitled to receive them. Most of the allowances are based
on the current basic pay of the employee, but some of them may be
calculated on the basis of a previously existing basic pay.
Altogether these
general rules and exceptions make it very complex to manage
salaries of the entire organization. Salary systems cater for
all these requirements and provide one easy to use interface to
generate salary slips of all employees based on pre-defined
rules. One can modify the rules (add exceptions for allowances
and deductions) for all or any specific employees while
preparing the salary for a specific month.
It also caters for
unusual payments or deductions in form of arrears. It also
provides useful reports on individual or accumulative allowances
or deductions paid to different employees during the year. You
can also generate reports for sums paid to or deducted from
employees in specific scales for a specified period of time.
Using this system,
salary slips of all or selected employees are generated as PDF
files and are emailed to them, using an authorized signature of
the accounts officer by making use of an encrypted file which is
decrypted through a valid digital certificate.
The interface is
easy to use and provides all sorts of menus and keyboard
shortcuts to access different functions. Extensive error
checking and exception handling is also provided. The front end
is designed in Java with MS SQL server at the backend.
The Library's main
aim is to offer essential high quality services and provide
information support to students, researchers and
participants in the activities organized by the Centre.
Library Information
Management System (LIMS) at NCP aims to provide a platform for
day to day transactions regarding the management of library items
(books, CDs, journals, magazines etc.).
The system is a web based application
offering remote manipulation by the users.
There are three types of LIMS users based on their privileges:
Administrator
Data Entry Operator (DEO)/Circulation Desk Operator (CDO)
End Users (Staff, Students, Faculty)
Administrator can
perform the following operations:
User Management/Search User
Catalog Management/Search Item
Circulate Items
Report Generation
View Site Logs
CDO can perform the
following operations:
Search User
Circulate Item
Report Generation
The following
privileges are assigned to LIMS DEO:
Search User
Catalog Management/Search Item
Report Generation
Registered users
can:
Search and reserve library items
Post their suggestions
Other library
management operations such as fine calculation, overdue item
reminders and reservation quota checks are also implemented in LIMS.