Deliver modern IT infrastructure, services, and platforms

IAM controls
This figure illustrates the management and access controls IAM encompasses to enhance compliance and decrease the risk of damage from both external and internal threats.

CISL supports the hardware and software infrastructure for many of UCAR’s information technology (IT) services including the Domain Name Service, Active Directory (AD), federated services, web content management system, software revision control systems, and systems administration support. CISL will evolve these services to enable platform-as-a-service models; enhance and enable storage, data protection, and archive services; enable additional single sign-on access to systems and applications located across organizational boundaries; and provide and promote virtualized computing services. CISL will also identify, promote, and implement common software development tools (e.g., Git, Wiki, and automation tools).

CISL’s expertise and synergy in designing and provisioning cyberinfrastructure is essential to effectively managing and operating enterprise IT, supercomputing, cybersecurity, and communication services. The rapid pace of change in IT positions enterprise IT as a key enabler for scientific productivity.

CISL continues to provide a UCAR-wide leadership role in an Identity and Access Management (IAM) effort. During FY2017 CISL’s Enterprise Infrastructure Operations (EIO) group implemented Active Directory Federation Services (ADFS), converted base authentication to AD, identified and converted key business applications, and provisioned new ones such as uProcure and Concur. This component is essential for a unified IAM service promoting single sign-on. Finally, CISL and other parts of UCAR partnered in moving all UCAR visitors and collaborators to AD to utilize AD authentication methods for access to UCAR resources.

During FY2017 CISL’s Software and Web Engineering Group (SWEG) continued to deliver services supporting overall UCAR IT services as well as NCAR’s High Performance Computing (HPC) services. SWEG has continued to evolve the management of the NCAR GitHub organization and promoted IT usage across the organization. GitHub represents a more modern approach that enables both self-service capabilities for developers and broader visibility and collaboration tools for our open source software projects. At the end of FY2017 we had 734 software repositories and almost 600 users, representing the largest single source catalog of software at UCAR/NCAR and approximately double the usage from FY2016. SWEG continued to support Drupal as the content management platform for the organization. SWEG continued a Drupal cloud-hosting pilot aimed at delivering higher availability with more efficient development workflows. The Drupal effort also included first usages of Drupal 8 and included a major step forward in the adoption of new web GUI tools and frameworks. SWEG also engaged in a partnership project with UCAR Communications and the NCAR Directorate for implementing a new mobile-first theme and NCAR/UCAR/UCP umbrella sites. SWEG continued supporting PeopleDB, in particular the integration with AD to support automated account-creation workflows. SWEG also continued the ongoing development of SAM. In particular this year, the SAM software was integrated with the XSEDE XDMOD system to streamline gathering job metrics and creating a more cohesive set of HPC Business Intelligence tools. This effort included CISL’s first production uses of Docker, which may pave the way for delivering Docker capabilities across the organization.

EIO also migrated the majority of their servers and services to the VMware vSphere environment. This includes DNS, FTP, DHCP, ADFS, etc. This common hypervisor reduces complexity in the enterprise environment and has allowed EIO to retire a two-node KVM hypervisor cluster that hosted enterprise services. The vSphere environment has expanded and also allows UCAR staff to run additional virtual machines (VMs) offered as Infrastructure as a Service (IaaS). There are currently three other labs running VMs on the CISL-hosted IaaS. The vSphere environment was set up as multiple clusters allowing general-use VMs to be run on one cluster, administrative VMs to run on a second cluster, and sensitive systems to run on separate clusters as an enhanced security feature. The vSphere environment is configured to interact with AD for authentication to reduce the number of passwords UCAR staff need to remember.

Support comes from NSF Core and CSL funding, as well as from UCAR Indirect funds because the services provided are available to all UCAR/NCAR labs and programs.