Information regarding Nevis computing infrastructure

Here is a link to the Nevis website.

Contacts for Nevis/Astrophysics Lab

For 914-591-xxxx numbers, you can dial 72-xxxx from Morningside Campus


  • Sys Admin: David Secrest (secrest), Pupin 1008A
  • Staff: Marcela Stern (mstern), 1st floor, Cyclotron building, 914-591-2893

Aprile Group

  • PI: Elena Aprile (age), Pupin 1016
  • bay area, Cyclotron building, 914-591-2825
  • Karl-Ludwig Giboni (kgiboni)
  • Guillaume Plante (guillaume)
  • Ran Budnik (ranny)
  • Alfio Rizzo (edo)

Hailey Group

  • PI: Chuck Hailey (chuckh), Pupin 1018
  • Melania Doll (mdoll)

Savin Group

  • PI: Daniel Wolf Savin (savin), Pupin 1210C
  • basement, Cyclotron building, 914-591-2874
  • Aodh O'Connor (aodh)
  • Julia Stützel (julia.stuetzel)
  • Ken Miller (kmiller)

Miller Group

  • PI: Amber Miller (amber@phys), Pupin 1024
  • bay area, Particle Physics building, 914-591-2835
  • Michele Limon (limon)
  • Britt Reichborn-Kjennerud (britt@phys)
  • Seth Hillbrand (seth@phys)

Network Information for Astro/RARAF at Nevis

IP range:

CUIT handles nameserver records, both forward and reverse.


IP Address:

CUIT manages a router that is physically located in the Nevis Particle Physics research building, which is the first red-brick building you see when you enter the Nevis driveway; the Cyclotron building is the one behind it, with the big round windows, and that's where the Astro/RARAF groups work. That CUIT router is in a locked cabinet. CUIT takes care of the network traffic from the outside world into the Nevis research building.


Four Ethernet cables come out of that cabinet, two for Astro/RARAF and two for Particle Physics. Of each pair, one is a direct link to the microwave dish on top of the research building; that link goes to Lamont-Dougherty across the Hudson River, then down to Columbia. The other is a link to a central network hub in White Plains. Under normal conditions, all the traffic goes through Lamont, and the rest goes through White Plains; however, each link acts as a backup for the other.

The Astro/RARAF pair of cables connects to a Cisco SG300-10 (10 port) switch ( Some of the other ports on that switch are connected to the bay area of the Particle Physics building for the Miller group. And there is a Proline MGBSX1-CDW SFP (mini-GBIC) (850 nm) 1000Base-SX fiber transceiver module (equivalent to the Cicso MGBSX1 SFP transceiver module) in that switch that connects to a 62.5/125 µm fiber line from the Particle Physics building to the Cyclotron building. That is the network link to the outside world for the Cyclotron building. The fiber module on the switch has LC connectors while the connector box on the wall for the line to the Cyclotron building has ST connectors. An LC/ST 62.5/125 µm fiber patch cable connects the two.

That line from the Particle Physics building comes into a connector box (with ST connectors) located on the second floor at the northwest corner of the Cyclotron bay. It is connected with an LC/ST 62.5/125 µm fiber patch cable into a

Cicso SG300-28 (28 port) switch (

also with a

Proline MGBSX1-CDW SFP (mini-GBIC) (850 nm) 1000Base-SX fiber transceiver module.

Other connections into that switch go to various other parts of the Cyclotron building.

Wireless Network

There are two wireless access points, one located next to the switch on the second floor, and one almost directly below that on the first floor. They are both

Asus WL-520gU wireless routers running dd-wrt (firmware: v24-sp2 (01/01/09) mini-usb-ftp - build 11296M NEWD)

SSID: Cyclotron

They are running as access points that forward DHCP requests to and from the DHCP server, so machines connecting wirelessly will pick up public IP addresses.

The AP on the first floor (cyclotron1) is running on channel 2 (2.417 GHz) and the one on the second floor (cyclotron2) is running on channel 9 (2.452 GHz).

There is no wireless key. (This is not such a security concern because all the ip addresses on the network are already public. It could provide Internet access to people outside the building and, potentially, be a spam launching point, but given its fairly remote location, that is not so great a concern.)

Astro/RARAF DHCP server

IP Address:
DHCP Address pool:

It is connected to a UPS.

It is set to reboot when power is restored after a power failure.

IP Assignments

Switch PortIP AddressMAC AddressOSGroupUserComputer NameDNS Name
24129.236.254.100000C07AC01Cisco IOSCUIT
24129.236.254.20009E8299D41Cisco IOSCUIT
24129.236.254.3000BBF773819Cisco IOSCUIT SG 300-10 SG 300-28 Ricoh Aficio 1060 printer Color LaserJet CP4025dn LaserJet Pro 500 color MFP M570dn printer/scanner/
15129.236.254.11000102D0DD42ubuntu preciseAstro/RARAFDHCP
10129.236.254.1400248C65BC08dd-wrtAstro/RARAFwireless AP
13129.236.254.1500248C65B8C3dd-wrtAstro/RARAFwireless AP
3129.236.254.190030C1ACB041HP 2500CMAprileprinter
3129.236.254.20000400181448 printer printer Aprile 98Hailey Miller MFC-9840CDWHaileyprinter Aprile HL-6050DNHaileyprinter Laserjet OS XHaileyserverNuSTAR-servers Haileysensor door security? door security? door security? door security? door security? security camera? security camera? security camera? security camera? Stützel Marcela Marcela
4129.236.254.8000188BB1B46A RARAF
4129.236.254.81000E351C234D AprileMaria Elena Monzani
4129.236.254.85001143528F65 RARAFAlan
4129.236.254.86000C7670B586 RARAFGuy Y ISS-423 binc zion401 binc RARAFGiuseppe Schettinoschettino RARAFBrian Ponnaiyabrian
3129.236.254.125000E7FE36C98HP Color LJ 3700dtn printerneviscolor


There have historically been power failure problems at Nevis. There is a backup generator, but not all systems are connected to the generator.

Remote Access to Nevis Office Computers (Windows)

Since the following allows accessing your computer remotely, make absolutely sure that all user accounts your computer has are secured with a good password.

On your office computer (has to run Windows XP, possibly works also with Windows Vista), open the System Properties dialog (start->right-click on "My Computer"->"Properties"). Go to the "Remote" tab and mark the checkbox "allow users to connect remotely to this computer". Click the "Select remote users" button. In the dialog that pops up, click "Add" to open the "select" users dialog. Click "Advanced" to expand the checkbox, and then click "Find Now". Mark all users that you want to give remote access to (use ctrl+click to select more than one user). Then hit ok on all the windows that were opened in the process of getting here.

Go to start->run and type "cmd" to open a console. Enter the command


and write down your IP address.

On another Windows XP computer, you can now go to start->"all programs"->accessories->communications->remote desktop connection. Enter your computer's IP address there. You will be connected with your office computer, and have to enter your office computer's login name and password in order to log in.

If the computer you are connecting from runs Windows 2000 or earlier, you will have to install a Windows Remote Desktop Client to be able to access your office computer.

You'll notice that you can't reboot a remote computer from the normal start menu. If you need to reboot the remote computer for any reason, hit CTRL+ALT+END to open the task manager on the remote computer (note that CTRL+ALT+DELETE will open the task manager on the client computer). You can select to reboot the computer from there.

Securing Windows Remote Desktop

It is highly recommended to follow these step-by-step instructions to increase the security of your remote desktop connection system (i.e. to prevent someone to break in). Even after you have followed those steps, you are still vulnerable to so-called man-in-the-middle-attacks. This can be secured using SSH, as explained in the following.

The last paragraph on the page explaining how to increase the security of Windows Remote Desktop motivates why it's a good idea to additionally secure your Windows Remote Desktop connection with SSH. You'll need to configure an SSH Server on your office computer, and you will need an SSH client software on the computer you are connecting from (the client computer). The following helps you set up an SSH server on your host computer, and then you'll tunnel the Windows Remote Desktop connection through the SSH client putty.

On the office computer, install and configure Cygwin with OpenSSH (follow this detailed step-by-step tutorial until the end of the section explaining how to configure the Windows XP firewall). On the client computer, download and run the putty Windows installer. Then follow this tutorial on how to configure putty for the Windows Remote Desktop connection. In that tutorial, the computer names entered in "Destination" and "Gateway/Host Name" are different. If your office computer is one at Nevis, both these computers are actually your office computer, so enter your office IP address instead of the tutorial's fictional computer names.