30 May 2003: faculty unanimously approve this proposal
23 Sep 2010 Faculty-approved revision here
31 Dec 2013: updated to remove decommissioned labs
5 Aug 2015: updated to remove vacated CP 206I lab and provide current diagram of CP Institute spaces
29 Sep 2017: updated to re-purpose CP 206I lab as "Engineering Research" and add new EE Labs: TPS 202/302 (Advanced Engineering and Power, resp.)
The current design of the existing labs is as follows:
There are five labs (206D, 206H, 206I) with storage closets, two server rooms (206F and 206N), and one communications room (206F). Three of the labs are about 650 sq. ft. apiece; one (206D) is about 1800 sq. ft. For more details, see the Cherry-Parkes section of the future plans of the labs.
Here is a rough diagram of the central part of the second floor. It is not to scale, but the positioning is correct and it gives a good feel for the layout.
|Hall||Open Area||206M Offices|
|Conference Room 206C|
|206M Entry||206L Office|
|Lab 206D||Student Area 206||Internal Hall||Repair 206J||Hall|
|Lab 206H||Mgr Office 206B||Lab 206I|
|Storage 206O||Lab 206D||Storage 206P||Storage 206K|
Here is a brief legend:
|Embedded Computing Systems||CP206D||unassigned||Don McLane|
|Information Assurance & Networking||CP206H||Yan Bai||Yan Bai, Chuck Costarella|
|Engineering Research||CP206I||Matt Tolentino||Matt Tolentino|
Here are some observations:
Some labs also include:
The Cherry-Parkes labs also include:
Responsibility can be delegated, but ultimate responsibility rests with the research group.
Each research group must have a person who serves as the lab director. The lab director should know what is going on in the lab and what each member is doing, both to manage the lab and to handle external requests about the lab.
It is recommended that the director position rotates amongst group members over time, and that there is a well-defined procedure for transferring the knowledge and responsibilities between the outgoing and incoming director.
Whenever anything is shared there must be some rules. If a group member's intended actions will:
The group should decide how it wants to handle external requests for lab resources.
If a resolution concerning the intended actions between the group member and others cannot be made, the faculty may decide to charge the Facilities Committee with recommending a resolution to the issue.
Please keep in mind there are many types of equipment costs:
The cost of labor may be the largest cost, but it won't be covered here.
Nearly all labs will need access to the infrastructure. Basic infrastructure for labs such as its walls, ceiling and floor as well as lighting are often taken for granted. Other infrastructure, such as cooling and electricity are more well-known because we sense when something is too hot or a circuit trips if too much electrical load is placed on it.
Here are some references for infrastructure contacts:
These areas are handled by campus Facilities personnel.
The first point of contact is campus Computer Services. Additional detailed help with the operation of the data network can come from Computing and Communications (C&C) Network Operations staff.
From any campus phone, dial #333 to contact campus safety and security personnel.
This is supported by the campus Media Services department.
This translates to a variety of services that Designated Teaching and Research Labs could use, as noted below. The research groups would be delegating responsibility and funding any such services, to whatever level is desired:
Normally, the operating system provides the mechanism for defining and managing users; once defined, they can be allowed access to various resources. The problem is that unless some planning is done ahead of time, each computer will only be able to authenticate the users it knows about. A central authentication source is desirable to reduce the amount of user account management.
Using authentication and authorization, users can be accountable for their actions and the path of entry for anyone trying to infiltrate lab computers may be more easily identifiable and therefore fixable. One can also perform accounting of resources, to construct reports on usage of the authorized resources.
Data are typically stored in files that reside on fixed or removable media. If the storage medium is not accessible, the data cannot be used. In addition, if something happens to that storage medium, the data may be lost.
Centralized file systems allow data stored there to be accessed by anyone who is connected to the file systems. Modern file systems are networked and accessible from the Internet, making access to files possible from any computer able to connect to the file server. Authentication and authorization protect other users from being able to use the data without permission. However, if something happens to the storage for a central file system, the data may still be unrecoverable.
Since most applications are simply a collection of files, given the correct licensing, some can be centralized as well and run over a network, to avoid installing the application on individual computers. An alternative method is to distribute just the interface from a central site to a user, so that it appears that the application is running locally. This is the "terminal server" or "display server" point of view.
Another aspect made easier by centralized file systems is volume management -- the ability to expand storage easily. Windows 2000 and Linux both have this capability for individual workstations or servers.
Data retention services provide backup and restore capabilities. By copying files on a periodic basis to another storage device, one can recover from the failure of the original storage device. Data retention systems are key to the reliability of a centralized file system. Note that a centralized file system permits centralization of backups for all computers connected to it.
One might also consider disk arrays as a means of protecting data from the failure of a disk drive. RAID 5 (Redundant Array of Inexpensive Disks, Level 5) provides parity and striping of data across disks. If one disk in the array fails, the data is still accessible via the parity information, although at a slower rate, until a new disk is added to the array and the array is rebuilt.
There are many instances in which you want to distribute something, like an application or a data file, from one computer to one or more others. You can often do this over the network with the right software, or the storage medium can be duplicated, as in a CD duplication device.
When managing a lab with many computers in it, it is often useful to make one image of the operating system and applications that all lab computers will share, then to re-image their individual disk drives with that master image. This saves a lot of time and reduces the chances of making a mistake when manually installing the same thing many times.
Students and faculty want to conveniently access their information and applications on a computer in a lab from their home or office computers. Providing this capability requires a secure means of remotely accessing the computer. However, one must always consider software licensing issues when distributing applications
An additional concern may be remote control of servers. It is possible to control the power (turn it on and off), send keystrokes, view the display, and create and use virtual floppy disks remotely, although it takes more non-standard hardware to do this.
If a printer is not locally attached to a computer, it needs to be networked in some manner in order to print from another computer and to manage the print jobs. A central print server can do this, or it can be set up with a designated computer in the lab.
Commercial software is not sold, it is licensed. Use is bound by the terms of the license. Unless otherwise stated, you can install commercial software only on one computer or removable hard drive. If you want it on several computers or removable hard drives, you will need to purchase enough licenses to cover the number you will install.
Often, there are volume licenses that significantly reduce the cost of licensing. In general, the more licenses one buys, the cheaper the per license cost, so it is cost-effective to consult others about your intended purchase to pool your request with theirs, or perhaps extend an existing volume license to include your additions.
The UW campus may already have some kind of volume license you can use.
Once a license is purchased, it is useful to know where it is used and how often it is used as well as have a mechanism to ensure that the number of uses don't exceed the number of licenses. This is the function of a license management tool, which is a central license server.
Additional license management software licenses would still need to be purchased, but they can be pooled just like any other software.
There are several advantages to managing licenses:
For example, if you bought 10 licenses but found that a maximum of 3 were ever used, your next renewal of the license might be for 5 (to account for a little extra growth).
This depends on the wording of the license.
This depends on the wording of the license. If possible for all software on a disk image, it simplifies the task of managing a lab of similar computers because the same disk image could be placed on each computer.
The advantages of connecting to the network using a centrally-managed scheme are as follows:
Quality of service (prioritized traffic) as well as providing fair use of bandwidth are possible.
This topic covers physical access, individual computer and network security.
Securing physical access to lab resources involves some kind of physical access controls. Common ones are door locks and key cards, but combination door locks, locker locks and cabling something to an immovable object are also used. Security cameras can also be used to deter or record activity in the labs.
Generally, people who have access to a lab can use whatever is available. However, it is often prudent to secure some things to make sure they remain in the place you designated for them or to impede a thief from taking expensive or desirable equipment.
Anyone who has physical access to a computer can break into it. You can impede this somewhat by locking the computer case, putting a password on the BIOS and disabling booting from anywhere other than the hard disk, but there are even ways around this. Most of the time, it isn't necessary to take such measures, but some research requires it for sensitive or classified data.
Beyond physical security and ensuring that rogue software isn't involved in booting up the computer, one needs to make sure that rogue software isn't installed on the computer. This is often accomplished by installing antivirus software. It doesn't protect against all attacks (only the ones it knows about, which excludes newer ones than in its database). It also must be set up properly and on the network to keep up to date with the latest attacks.
One critical element in protecting a computer from attack is keeping up to date with the latest patches and updates for the operating system and application software.
As soon as a computer is added to a network, it is capable of being attacked by any other computer on the network. Centralized network control (see network connectivity above) can help in preventing attacks from affecting others. Unused network "ports" can be blocked, unused services can be turned off or uninstalled, public keys can be used for trusted computers, and other techniques can be employed to reduce the likelihood that a computer is attacked from the network, or is surreptitiously used to attack other computers.
Also, the use of unencrypted network protocols (e.g., ftp and telnet) can expose passwords to whoever has access to the network infrastructure. This is more prelavent today with wireless networks and good network "sniffing" tools.
The UW as an institution and a state agency needs to know where valuable equipment (hardware or software) is.
Purple asset tags are used for equipment -- individual items that are cost less than $5000, including tax. Individual items (plus tax) $5000 and over are "inventorial" and require inventorial tags and must be recorded in OASIS within five days of receipt. Contact UW Equipment Inventory Office for tags and more information.
Institute or program-specific barcoding of equipment may make it easier to determine what you still have in a lab, or to help separate equipment you have as a researcher vs. what belongs to the program or UW.
At least once per year, the Designated Teaching and Research Labs will be reviewed for compliance with stated policies. The intent is to prevent damage to data, networks and equipment as well as to prevent or detect loss of equipment due to theft.