Information regarding Nevis computing infrastructure

Here is a link to the Nevis website.

Contacts for Nevis/Astrophysics Lab

For 914-591-xxxx numbers, you can dial 72-xxxx from Morningside Campus

General

  • Sys Admin: David Secrest (secrest), Pupin 1008A
  • Staff: Marcela Stern (mstern), 1st floor, Cyclotron building, 914-591-2893

Aprile Group

  • PI: Elena Aprile (age), Pupin 1016
  • bay area, Cyclotron building, 914-591-2825
  • Karl-Ludwig Giboni (kgiboni)
  • Guillaume Plante (guillaume)
  • Ran Budnik (ranny)
  • Alfio Rizzo (edo)

Hailey Group

  • PI: Chuck Hailey (chuckh), Pupin 1018
  • Melania Doll (mdoll)

Savin Group

  • PI: Daniel Wolf Savin (savin), Pupin 1210C
  • basement, Cyclotron building, 914-591-2874
  • Aodh O'Connor (aodh)
  • Julia Stützel (julia.stuetzel)
  • Ken Miller (kmiller)

Miller Group

  • PI: Amber Miller (amber@phys), Pupin 1024
  • bay area, Particle Physics building, 914-591-2835
  • Michele Limon (limon)
  • Britt Reichborn-Kjennerud (britt@phys)
  • Seth Hillbrand (seth@phys)

Network Information for Astro/RARAF at Nevis

IP range: 129.236.254.1-126
Netmask: 255.255.255.128
Gateway: 129.236.254.1
DNS: 128.59.1.3, 128.59.1.4

CUIT handles nameserver records, both forward and reverse.

Router

IP Address: 129.236.254.1

CUIT manages a router that is physically located in the Nevis Particle Physics research building, which is the first red-brick building you see when you enter the Nevis driveway; the Cyclotron building is the one behind it, with the big round windows, and that's where the Astro/RARAF groups work. That CUIT router is in a locked cabinet. CUIT takes care of the network traffic from the outside world into the Nevis research building.

Switches

Four Ethernet cables come out of that cabinet, two for Astro/RARAF and two for Particle Physics. Of each pair, one is a direct link to the microwave dish on top of the research building; that link goes to Lamont-Dougherty across the Hudson River, then down to Columbia. The other is a link to a central network hub in White Plains. Under normal conditions, all the columbia.edu traffic goes through Lamont, and the rest goes through White Plains; however, each link acts as a backup for the other.

The Astro/RARAF pair of cables connects to a Cisco SG300-10 (10 port) switch (donati.astronevis.columbia.edu). Some of the other ports on that switch are connected to the bay area of the Particle Physics building for the Miller group. And there is a Proline MGBSX1-CDW SFP (mini-GBIC) (850 nm) 1000Base-SX fiber transceiver module (equivalent to the Cicso MGBSX1 SFP transceiver module) in that switch that connects to a 62.5/125 µm fiber line from the Particle Physics building to the Cyclotron building. That is the network link to the outside world for the Cyclotron building. The fiber module on the switch has LC connectors while the connector box on the wall for the line to the Cyclotron building has ST connectors. An LC/ST 62.5/125 µm fiber patch cable connects the two.

That line from the Particle Physics building comes into a connector box (with ST connectors) located on the second floor at the northwest corner of the Cyclotron bay. It is connected with an LC/ST 62.5/125 µm fiber patch cable into a

Cicso SG300-28 (28 port) switch (halley.astronevis.columbia.edu)

also with a

Proline MGBSX1-CDW SFP (mini-GBIC) (850 nm) 1000Base-SX fiber transceiver module.

Other connections into that switch go to various other parts of the Cyclotron building.

Wireless Network

There are two wireless access points, one located next to the switch on the second floor, and one almost directly below that on the first floor. They are both

Asus WL-520gU wireless routers running dd-wrt (firmware: v24-sp2 (01/01/09) mini-usb-ftp - build 11296M NEWD)

SSID: Cyclotron

They are running as access points that forward DHCP requests to and from the DHCP server, so machines connecting wirelessly will pick up public IP addresses.

The AP on the first floor (cyclotron1) is running on channel 2 (2.417 GHz) and the one on the second floor (cyclotron2) is running on channel 9 (2.452 GHz).

There is no wireless key. (This is not such a security concern because all the ip addresses on the network are already public. It could provide Internet access to people outside the building and, potentially, be a spam launching point, but given its fairly remote location, that is not so great a concern.)

Astro/RARAF DHCP server

IP Address: 129.236.254.11
hostname: makemake.astronevis.columbia.edu
DHCP Address pool: 129.236.254.80-125

It is connected to a UPS.

It is set to reboot when power is restored after a power failure.

IP Assignments

Switch PortIP AddressMAC AddressOSGroupUserComputer NameDNS Name
24129.236.254.100000C07AC01Cisco IOSCUIT
24129.236.254.20009E8299D41Cisco IOSCUIT
24129.236.254.3000BBF773819Cisco IOSCUIT nevis-gw-fe-astrophysics.net.columbia.edu
129.236.254.500083029D605Cisco SG 300-10 switchdonatidonati.astronevis.columbia.edu
129.236.254.620370632C5D5Cisco SG 300-28 switchhalleyhalley.astronevis.columbia.edu
129.236.254.7 Ricoh Aficio 1060 printer aficio.astronevis.columbia.edu
129.236.254.8A0B3CC9AFD8EHP Color LaserJet CP4025dn printermosquitomosquito.astronevis.columbia.edu
129.236.254.93CA82AF5AE69HP LaserJet Pro 500 color MFP M570dn printer/scanner/faxcicadacicada.astronevis.columbia.edu
15129.236.254.11000102D0DD42ubuntu preciseAstro/RARAFDHCP Servermakemakemakemake.astronevis.columbia.edu
129.236.254.12 nanook.astronevis.columbia.edu
129.236.254.13 barricade.astronevis.columbia.edu
10129.236.254.1400248C65BC08dd-wrtAstro/RARAFwireless AP cyclotron1.astronevis.columbia.edu
13129.236.254.1500248C65B8C3dd-wrtAstro/RARAFwireless AP cyclotron2.astronevis.columbia.edu
3129.236.254.190030C1ACB041HP 2500CMAprileprinter
3129.236.254.20000400181448 raraf1.raraf.columbia.edu
129.236.254.21 raraf2.raraf.columbia.edu
129.236.254.22 raraf3.raraf.columbia.edu
129.236.254.23000D569B8F29 raraf4.raraf.columbia.edu
129.236.254.24000102E7ABA4 raraf5.raraf.columbia.edu
129.236.254.25 raraf6.raraf.columbia.edu
129.236.254.26 raraf7.raraf.columbia.edu
129.236.254.27 raraf8.raraf.columbia.edu
129.236.254.28 raraf9.raraf.columbia.edu
129.236.254.29 raraf10.raraf.columbia.edu
129.236.254.30 raraf11.raraf.columbia.edu
129.236.254.31 raraf12.raraf.columbia.edu
129.236.254.32 raraf13.raraf.columbia.edu
129.236.254.33 raraf14.raraf.columbia.edu
129.236.254.34000AE4145B84 raraf15.raraf.columbia.edu
129.236.254.350030AB1DAAF6 raraf16.raraf.columbia.edu
129.236.254.36080009A8D3C5HP printer printer hp-nevis.astronevis.columbia.edu
129.236.254.3700219B729C0CWindowsHailey NUSTAR_SCANNERnustar-scanner.astronevis.columbia.edu
129.236.254.38002590561394Linux Aprile bellinibellini.astronevis.columbia.edu
129.236.254.3980C16EF2BE34LinuxAprile decurtisdecurtis.astronevis.columbia.edu
129.236.254.4080C16EF2BE39LinuxAprile defilippodefilippo.astronevis.columbia.edu
129.236.254.4100C04FB8C368Windows 98Hailey Scan_Labscan-lab.astronevis.columbia.edu
129.236.254.42001D097C9E8CWinXPHailey slumplab.astronevis.columbia.edu
129.236.254.43002129964116 Miller cosmolab.astronevis.columbia.edu
129.236.254.4400234D1FC4BABrother MFC-9840CDWHaileyprinter astro14.astronevis.columbia.edu
129.236.254.45000D56F7E369Linux Aprile astro15.astronevis.columbia.edu
129.236.254.4600065B5EFD20Linux?Miller ebex.astronevis.columbia.edu
129.236.254.47 astro17.astronevis.columbia.edu
129.236.254.48001C251897CB astro18.astronevis.columbia.edu
129.236.254.4900142224D580LinuxAprile astro19.astronevis.columbia.edu
129.236.254.5064315026899ALinuxAprileDAQ astro20astro20.astronevis.columbia.edu
129.236.254.5100807736ABDCBrother HL-6050DNHaileyprinter scanprinter.astronevis.columbia.edu
129.236.254.52000F1F97A098WinXP/Ubuntu64SavinHjalmar Bruhnsklaatuklaatu.astronevis.columbia.edu
129.236.254.5300142239C7ADWinXP/Ubuntu64SavinBohdan Sereyukmarvinmarvin.astronevis.columbia.edu
129.236.254.540800111BAD49OscilloscopeSavin savinscope1.astronevis.columbia.edu
129.236.254.5500D0C99E344DWinXPSavinlab computerrossumrossum.astronevis.columbia.edu
129.236.254.56082E5FBC9615HP Laserjet P3015SavinprinterNPIBC9615savinprinter.astronevis.columbia.edu
129.236.254.57001111647240WinXPSavinserverbishopbishop.astronevis.columbia.edu
129.236.254.580023DFFF1BA9Mac OS XHaileyserverNuSTAR-servers
129.236.254.59C42C030BA360??serverrmcfserver
129.236.254.60001F1F35A6A8??serverAssemblyDAQ
129.236.254.61001F1F35A555??serverAssemblyDAQ2
129.236.254.620C60765D9A54??serverBRN001BA920C467
129.236.254.640026F2ABEB26 Haileysensor commodore.astronevis.columbia.edu
129.236.254.650018C800175C door security?
129.236.254.660018C800172F door security?
129.236.254.670018C8001769 door security?
129.236.254.680018C800176E door security?
129.236.254.690018C8001762 door security?
129.236.254.7000408C9DAD20 security camera?
129.236.254.7100408C9D6C77 security camera?
129.236.254.7300408C9DAFD8 security camera?
129.236.254.7400408C9D6C75 security camera?
129.236.254.75003067564CEAWin7SavinJulia Stützel eve.astronevis.columbia.edu
129.236.254.760016EC1FE3F6WinXP Marcela Sternbeyondbeyond.astronevis.columbia.edu
129.236.254.771803732D703AWin7 Marcela Sternzephyrzephyr.astronevis.columbia.edu
4129.236.254.8000188BB1B46A RARAF xurarafdynamic1.astronevis.columbia.edu
129.236.254.810011435FE16DWinXPHaileyColin HawthornHAWTHORNdynamic2.astronevis.columbia.edu
4129.236.254.81000E351C234D Gerharddynamic2.astronevis.columbia.edu
129.236.254.820017F2F1CE8A AprileMaria Elena Monzani dynamic3.astronevis.columbia.edu
129.236.254.8300095BD1F96F netgeard1f96fdynamic4.astronevis.columbia.edu
4129.236.254.84000D56A9F08D Stevedynamic5.astronevis.columbia.edu
4129.236.254.85001143528F65 RARAFAlan BigelowBigelowdynamic6.astronevis.columbia.edu
4129.236.254.86000C7670B586 dynamic7.astronevis.columbia.edu
129.236.254.87000FB570B8F8WindowsRARAF MB2offlinedynamic8.astronevis.columbia.edu
129.236.254.88 dynamic9.astronevis.columbia.edu
129.236.254.89 dynamic10.astronevis.columbia.edu
129.236.254.90 dynamic11.astronevis.columbia.edu
129.236.254.91 dynamic12.astronevis.columbia.edu
129.236.254.9200308494796D RARAFGuy Y Gartygartydynamic13.astronevis.columbia.edu
129.236.254.93 dynamic14.astronevis.columbia.edu
129.236.254.94 dynamic15.astronevis.columbia.edu
129.236.254.950017F2DCAD27 yamacdynamic16.astronevis.columbia.edu
129.236.254.96000874EB76D7Win2003 ServerHaileyserverscan-dcdynamic17.astronevis.columbia.edu
129.236.254.97 dynamic18.astronevis.columbia.edu
129.236.254.98 dynamic19.astronevis.columbia.edu
129.236.254.990018F3276BB1WindowsAprileRoberto Santorelliastrohpdynamic20.astronevis.columbia.edu
129.236.254.10000065B5EFD20Windows gsk-01dynamic21.astronevis.columbia.edu
129.236.254.10100184D2C2FDA dynamic22.astronevis.columbia.edu
129.236.254.102000AE4145B85WindowsRARAF RARAFserverdynamic23.astronevis.columbia.edu
129.236.254.103 dynamic24.astronevis.columbia.edu
129.236.254.104 dynamic25.astronevis.columbia.edu
129.236.254.105 dynamic26.astronevis.columbia.edu
129.236.254.1060013722376D9 ISS-423
129.236.254.1060010C6C0FF0A binc
129.236.254.10800B0D0C47935 zion401
129.236.254.1090013CE591103 binc
129.236.254.111120859000970 RARAFGiuseppe Schettinoschettino
129.236.254.1120060977785C9 RARAFBrian Ponnaiyabrian
129.236.254.1130019E3000CC7
129.236.254.11700E081347F80
3129.236.254.125000E7FE36C98HP Color LJ 3700dtn printerneviscolor

Power

There have historically been power failure problems at Nevis. There is a backup generator, but not all systems are connected to the generator.

Remote Access to Nevis Office Computers (Windows)

Since the following allows accessing your computer remotely, make absolutely sure that all user accounts your computer has are secured with a good password.

On your office computer (has to run Windows XP, possibly works also with Windows Vista), open the System Properties dialog (start->right-click on "My Computer"->"Properties"). Go to the "Remote" tab and mark the checkbox "allow users to connect remotely to this computer". Click the "Select remote users" button. In the dialog that pops up, click "Add" to open the "select" users dialog. Click "Advanced" to expand the checkbox, and then click "Find Now". Mark all users that you want to give remote access to (use ctrl+click to select more than one user). Then hit ok on all the windows that were opened in the process of getting here.

Go to start->run and type "cmd" to open a console. Enter the command

ipconfig

and write down your IP address.

On another Windows XP computer, you can now go to start->"all programs"->accessories->communications->remote desktop connection. Enter your computer's IP address there. You will be connected with your office computer, and have to enter your office computer's login name and password in order to log in.

If the computer you are connecting from runs Windows 2000 or earlier, you will have to install a Windows Remote Desktop Client to be able to access your office computer.

You'll notice that you can't reboot a remote computer from the normal start menu. If you need to reboot the remote computer for any reason, hit CTRL+ALT+END to open the task manager on the remote computer (note that CTRL+ALT+DELETE will open the task manager on the client computer). You can select to reboot the computer from there.

Securing Windows Remote Desktop

It is highly recommended to follow these step-by-step instructions to increase the security of your remote desktop connection system (i.e. to prevent someone to break in). Even after you have followed those steps, you are still vulnerable to so-called man-in-the-middle-attacks. This can be secured using SSH, as explained in the following.

The last paragraph on the page explaining how to increase the security of Windows Remote Desktop motivates why it's a good idea to additionally secure your Windows Remote Desktop connection with SSH. You'll need to configure an SSH Server on your office computer, and you will need an SSH client software on the computer you are connecting from (the client computer). The following helps you set up an SSH server on your host computer, and then you'll tunnel the Windows Remote Desktop connection through the SSH client putty.

On the office computer, install and configure Cygwin with OpenSSH (follow this detailed step-by-step tutorial until the end of the section explaining how to configure the Windows XP firewall). On the client computer, download and run the putty Windows installer. Then follow this tutorial on how to configure putty for the Windows Remote Desktop connection. In that tutorial, the computer names entered in "Destination" and "Gateway/Host Name" are different. If your office computer is one at Nevis, both these computers are actually your office computer, so enter your office IP address instead of the tutorial's fictional computer names.