The Calar Alto Computer System

(Last updated on June 2009)





1. Introduction and a little of history


2. General overview of Calar Alto Network


3. External Communications

4. Virtualization

5. Services





1. Introduction and a little of history


It is known that a scientific centre must have the latest technology. Calar Alto Observatory has made a big effort in the past, and it is still doing it, for ensuring an advanced computer environment to all the staff (scientific, technical and administrative) working at the Centre. This article will suffer an evolution together with Calar Alto Computer System, so you can see the state of the art of our system while the time passes. 




Let's start with some of our history to see the evolution from the initial steps into the actual situaton.




Since early 90's the Calar Alto Computer System has grown in a very fast way. We have grown from the old PDP 11, passing through SUN Ultra/Fire workstations, to the actual PC machines and virtualized environment. At the beginning, we created the first coax network, sharing a 10Mbps. bandwidth between all the systems. That was a big advance, as at that moment, we entered into the communications world. This network was moved later into a switched Twister Pair / Fibre Optics Giga/Fast Ethernet allowing the new fast workstations to work with dedicated 100Mbps. Last two years we modified a lot all internal communications, as we see later. The external network attached to the Internet has also experienced a big jump, from the starting 9600 Bps. bandwidth, moving to 8Mbps. microwave link first and then to the actual 200Mbps (symetrical) using the same microwave technology. As well the Operating Systems are been replaced frequently for having the latest utilities and facilities. In this aspect we have moved from the initial SunOS 4.1.3 to Solaris 2.4, and from that one to Solaris 8, Solaris 9 and Solaris 10. As you can see, we covered different steps until the actual state. Once on the new century, we started another big movement: the service transition between Solaris to Linux. This transition is finished today but, as the instrumentation computers still use Solaris, this could take some time until all Solaris machines are gone. But the effort of giving the main services (DNS, mail, applications, DHCP, printer queues...) under Linux operating environment is finished already. 




This article tries to show all the actual Computer System at Calar Alto (June 2009).The intention in not going deep into the technical concepts of all the system. This would cover near a book. The idea is giving a general understanding of the whole system, how it is designed and how it is working at the present.


As a complement of this article, you can see here the yearly news. On those pages, you can see part of the recent Computer Department history. The first news release was for year 1999. Since then, until the present, you can see the evolution of the CAHA Computer System. 


It is time now to see a general overview of the internal network that joins the whole Information System. 






2. General overview of Calar Alto Network


On the next figure, you can see how the Calar Alto Internal Network is on the moth of June of 2009.



We are working at present on this scheme, so probably, when you read this, we will have already upgraded some of the above links. The final idea is having the complete main ring (the STP ring) at a 10Gbps bandwidth and the 1.23m and the hotel running at 2Gbps. But we are working also on having a real semi-meshed network, so if some of the building is down, the rest can still working. 


On the above figure, you can see also that the most important points of the network have 1Gbps direct connection to the computer. This will be true also for other parts that, at the moment, only have 100Mbps connection to computers (i.e. the library)





3. External communications 



3.a Microwave Link
We belong to the Scientific and Research Spanish Network (RedIRIS). Its branch in Andalucía is RICA Network, which it is managed at CICA (Sevilla). For this reason, our natural way out is connecting to the University of Almería's CICA Presence Point. This is our main gate to Internet.
Our Microwave link is connected, then, to CICA's router at the Almería's University side. There is direct view between the building where our antenna is at Calar Alto and the building where the other side of the link lives at the Almería's University. The distance is 50 Kms. The link operates on the 15Ghz band. 
Our initial link, had a bandwidth of  9.600 bps. Obviously this could be enough at the beginning, but soon it became a very poor link. The  first solution taken in the past, was a Satellite rented link of 96Kbps data bandwidth, directly connected to our Institute at Heidelberg. This was so because the way we worked on the past. Our coleagues from Heidelberg needed to be connected with Calar Alto for developing some instrumentation software, so they needed better communication lines that those general 9.6Kbps. But for the rest of the world we still had a point to point 9.6Kbps connection.
With the situation explained above, Heidelberg communications were a little faster, and very reliable but normal external computer communications, not going to Heidelberg, were terrible slow. Surfing the web was a tedious and, from time to time, impossible work. The solution for this situation was the Microwave Link. 
Next step came on 1997. We decided to buy a private link to Almería University for improving computer connections to the world. After speaking with people responsible for computers at the University, and with the Telecommunication Department in Almería, we decided to buy a Microwave Link from Ericsson and arrange the whole project. Now, from this publication I want to give thanks to both University people and Telecommunications Department, without their help the project couldn't be done. The Microwave Link was working on the 15Ghz. band, and had four 2Mbps. (symmetrical) links (so up to 8Mbps). With two 1.8m. antennas, one located on the "Telefónica" building at Calar Alto, and the other one onto the "Edificio de Matemáticas" at the Almería University, with a physical separation of 50Km., the link started working with a 2Mbps. bandwidth on June 1998. Once the link was working, we changed the router configuration, so all packets were routed through the Microwave Link to the University. Finally, on 2001, the link was upgraded to use the whole capacity (8Mbps) and later, the Satellite link was disconnected. 
The final step is still recent. Last year we changed the Ericsson link. The new one, a DragonWave Horizon, started working early this year (2009) at a 100Mbps (symmetrical) bandwidth, and since april, it is at its maximum bandwidth: 200Mbps (again symmetrical). This is how are now our external connections. 
3.b Almeria's Office and IPSec communications
Our installations comprise the whole Calar Alto Campues and a central office in the middle of Almería city, mainly for administrative purposes. At the beginning, that office was only connected to Internet via independent modems on each of the computers working there. No network between them. From late February 2001, there is a Microsoft Network running on that place, with all the PC's connected. After the network was set up a Cisco 801 was prepared to connect the Office with the mountain network via a permanent ISDN link. Almería's Office Network is a Private Network and addresses are converted via NAT protocol on the router. That network also has a DHCP server, so any person visiting our office with a laptop can use our network resources.
Again, the speed was not enough, mainly due to the grow of Calar Alto needs. More people working at the office lead to think on another kind of lines. As stated above, the phone cupper pair is not reaching the mountain. Again, at Calar Alto Campus, phones are also developed with a Microwave link. So no  ADSL can be ported to the top of our mountain. 
The definitive communication project between Almería's Office and Calar Alto (and also for the office way out) was done on mid 2004. We rented a 2Mbps ADSL link (later upgraded to 10Mpbs) at the office. The office will go out through this line directly (via firewall) to Internet, except for the communications between Calar Alto Network and the Office (and vice versa), which are achieved with an IPSec Tunnel that is build between the two firewalls (one at the Office and another at the mountain). This ensure secure transactions between our two centres.
4. Virtualization

Although virtualization is not a real new technology, it is now taking an important role in data centers. The benefits are multiple. Virtualization is allowing servers consolidation. In such way, a physical server can have multiple virtualized servers, reducing costs and giving some important functions to the IT managers. One of them is the ability of moving virtualized servers from one physical machine to another in case of the first physical computer fails. 


All of these have beein implemented in Calar Alto last years. We have moved from a big number of physical servers into a reduced one that have all the old servers virtualized inside. 


Next figure shows how were servers arrangement before virtualization:





And next one presents how everything is after virtualization:





As you can see, now we have three big physical computers that hold all the virtual servers inside. But the main advance is that we can move a virtualized server from one physical machine into another. In fact, the third computer holds all spare servers. If we have problems with a virtualized server in a server, we can stop it and start it on the spare physical computer so we can continue working while fixing problems on the original virtual server. Next step will be Windows computers virtualization


5. Services 

We are giving to our users, all kind of services such as DNS, DHCP, Mail accounts, etc... 


Dinamic IP (DHCP) is offered everywhere at our Centre. This service will suffer some modifications soon. When this happens, I'll inform about them in this  pages. One part of this service is the wireless connections. You have wireless at the Hotel Hall and at the Laboratory.


Videoconferencing system is also allowed and we belong to the Global Dialing Scheme (GDS), with a linux gateway running on a special server.  

But I have to speak deeper about one special service, may be the most popular and the most widely used. I'm referring to the electronic mail service. You can see here a complete explanation of this importatn service.  I suggest you to follow the above link. But I'd like to say here a couple of words about the special added value our mail is offering: On June 2005 we obtained the RedIRIS RACE qualification for mail services. This is a quality certification given by the Spanish Scientific and Academic Netwicono_nivel_avanzado ork Institution (RedIRIS). This certificate is only obtained after the service has observed several severe security and quality specifications. There are 3 levels of qualifications. The first one is the "Basic Level". Do not be confused with the "Basic" word. It is not used in a pejorative way. In fact, as said on the RACE page, if an Institution has the "RACE Basic Level", it is given an excelent mail service, as it is observing the main security rules and has also some added value to the service. The second level, is the "Medium Level". In this one, there are more services offered to mail users, as well as improved security measures. The last level is the "Advanced Level", which includes some special features. On 2005, Calar got the "Medium Level". In 2008, RedIRIS developed the second revision of the certificate: RACEv2. We updated our service and finally on August 2008 we obtained the "Advanced Level".
Please, visit the RACEv2 page for a deep explanation on the requisites that any Institution has to observe to be given any of the RACE Levels. Also, you can see here the Institutions with the RACEv2 Certification. 

9th Edition - June 2009 
Enrique de Guindos (ext. 517)