Version 44 (modified by Nick Holden, 12 years ago)

System admin for the BRICCS infrastructure

BRICCS page in the RCS wiki : https://rcs-manage-1.star.le.ac.uk/wiki/index.php5/BRICCS

A list of the systems we have available, and what software they are running.

Hospital systems

On the hospital side, the machines are created within the UHL server facility managed by IM&T. We currently have four VMs, visible only from within the hospital environment.

Mail: Each system needs to be able to handle local and outgoing mail. A 'smarthost' is used for everything else: smtp.xuhl-tr.nhs.uk

ClamAV: Put the following in a script in cron.weekly and chmod 755 it:

clamscan -ri --exclude-dir=/sys\|/proc\|/dev / | mail -s "ClamAV Scan Results for $(date +%D)" email@…

All UHL machines need to be able to access the internet for updates, etc. For this they need to be 'allowed by rule' through the BlueCoat firewall. This is arranged by UHL IM&T (Geoff Harrison).

briccs

  • Hostname : briccs.xuhl-tr.nhs.uk
  • Location : UHL 10.156.254.207
  • Subnet - 255.255.255.128, Gateway - 10.156.254.129
  • DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166
  • Hardware : Virtual machine
  • Software : Ubuntu 9.10
    • Packages: sun-java6-bin sun-java6-jdk maven2 perl openssl apache2 php webmin.deb build-essential clamav
  • Services
    • Onyx and dependencies, including the pmi lookup
    • MRBS for room bookings
    • REDCap for production studies and surveys
    • webmin to port 10000 (HTTPS)
    • byobu for multiple terminals if desired
    • Printing: CUPS on app01. Configure using the web interface, but when in normal mode comment out the Listen 10.156.254.207 line in /etc/cups/cupsd.conf. Currently the only user in the lpadmin group is nick. The printer is configured as 'TMF-HP' for use in Onyx.

briccsdb

  • Hostname : briccsdb.xuhl-tr.nhs.uk
  • Location : UHL 10.156.254.206
  • Subnet - 255.255.255.128, Gateway - 10.156.254.129
  • DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166
  • Hardware : Virtual machine
  • Software : Ubuntu 9.10
    • Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav
  • Services
    • MySQL database for Onyx, REDCap and the BRICCS ID label system.
    • phpmyadmin at /phpmyadmin/
    • webmin to port 10000 (HTTPS)
    • byobu for multiple terminals if desired

briccsdev

  • Hostname : uhlbriccsdev.xuhl-tr.nhs.uk
  • Location : UHL 10.147.126.57
  • Subnet - 255.255.255.128, Gateway - 10.147.126.1
  • DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166
  • Hardware : Virtual machine
  • Software : Ubuntu 10.04
    • Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav
  • Services

briccsdbdev

  • Hostname : uhlbriccsdbdev.xuhl-tr.nhs.uk
  • Location : UHL 10.147.126.56
  • Subnet - 255.255.255.128, Gateway - 10.147.126.1
  • DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166
  • Hardware : Virtual machine
  • Software : Ubuntu 10.04
    • Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav

uhlbriccsapp02

  • Hostname : uhlbriccsapp02.xuhl-tr.nhs.uk
  • Location : UHL 10.156.254.252
  • Subnet - 255.255.255.128, Gateway - 10.156.254.129
  • DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166
  • Hardware : Virtual machine
  • Software : Ubuntu 10.04
    • Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav
  • Services
    • Testing version of i2b2 - NG is using it for clinical data interchange work

uhlbriccsapp03

  • Hostname : uhlbriccsapp03.xuhl-tr.nhs.uk
  • Location : UHL 10.156.254.254
  • Subnet - 255.255.255.128, Gateway - 10.156.254.129
  • DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166
  • Hardware : Virtual machine
  • Software : Ubuntu 10.04
    • Packages: phpmyadmin mysql perl openssl webmin.deb build-essential clamav
  • Services
    • Testing version of REDCap
    • Testing version of i2b2 - NH is using it for Onyx export / import

uhlbriccsapp04

  • Hostname : uhlbriccsapp04.xuhl-tr.nhs.uk
  • Location : UHL 10.156.253.176
  • Subnet - 255.255.255.128, Gateway - 10.156.253.129
  • DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166
  • Hardware : Virtual machine
  • Software : Ubuntu 12.04
    • Packages: build-essential clamav htop
  • Services
    • Testing version of CiviCRM

uhlbriccsapp05

  • Hostname : uhlbriccsapp05.xuhl-tr.nhs.uk
  • Location : UHL 10.156.253.177
  • Subnet - 255.255.255.128, Gateway - 10.156.253.129
  • DNS - 10.147.126.165 10.147.126.166 10.156.249.165 10.156.249.166 10.160.15.165 10.160.15.166
  • Hardware : Virtual machine
  • Software : Ubuntu 12.04
    • Packages: build-essential clamav htop
  • Services
    • Live version of CiviCRM

University systems: LAMP Infrastructure

All systems on the University side should eventually run on LAMP infrastructure. The systems are VMs provided by RCS.

lamp-api-08

  • Hostname: lamp-api-08.rcs.le.ac.uk
  • Ownership: JL
  • Software: SLES 11 Linux
  • Services
    • Development deployment of i2b2 v1.5.5
    • Access to SQL Server 2005 development instance

lamp-api-15

  • Hostname: lamp-api-15.rcs.le.ac.uk
  • Ownership: JL
  • Software: SLES 11 Linux
  • Services
    • Projected development deployment of i2b2 v1.6
    • Access to SQL Server 2008 development instance for 1 briccs project

lamp-api-16

  • Hostname: lamp-api-16.rcs.le.ac.uk
  • Ownership: JL
  • Software: SLES 11 Linux
  • Services
    • Projected development deployment of i2b2 v1.5.5 for exploring multiple versions of Ontologies.
    • Access to SQL Server 2008 development instance for 3 briccs projects

Pre-LAMP University systems

The following are existing systems on the University side which have yet to be moved to the LAMP infrastructure. The systems are provided by RCS.

briccs-1

  • Hostname : briccs-1.rcs.le.ac.uk
  • Location : RCS
  • Hardware : ?
  • Software : OpenSuse

ssh -X briccs-1.rcs.le.ac.uk
nrh11@briccs-1:~> echo $DISPLAY
localhost:13.1
nrh11@briccs-1:~> sudo su -
nrh11's password:
briccs-1:~ # export DISPLAY=localhost:13.1
briccs-1:~ # xauth merge ~nrh11/.Xauthority
briccs-1:~ # VirtualBox

  • VMs currently provisioned:

briccs-4.rcs.le.ac.uk 02:01:8F:D2:AA:8C 143.210.170.140
briccs-5.rcs.le.ac.uk 02:01:8F:D2:AA:8D 143.210.170.141
briccs-6.rcs.le.ac.uk 02:01:8F:D2:AA:8E 143.210.170.142
briccs-7.rcs.le.ac.uk 02:01:8F:D2:AA:8F 143.210.170.143

Settings

  • IP mask : 255.255.255.0
  • Gateway : 143.210.170.1
  • DNS one : 143.210.12.152
  • DNS two : 143.210.12.154

VBoxManage man page: http://www.virtualbox.org/manual/ch08.html

Note: when rebuilding a VM, its SSH host key will change. On local machines use "ssh-keygen -R hostname" and "ssh-keygen -R IP" to remove the old entries from known_hosts, and then reconnect.

briccs-2

  • Hostname : briccs-2.rcs.le.ac.uk
  • Location : RCS
  • Hardware : VirtualBox virtual machine
  • Software : OpenSuse
  • Services
    • Subversion (svn) repository

briccs-3

  • Hostname : briccs-3.rcs.le.ac.uk
  • Location : RCS
  • Hardware : VirtualBox virtual machine
  • Software : OpenSuse

VMs on briccs-1

  • The VMs on briccs-1 are transitory; however, please check with the listed owner before destroying one.

briccs-4

  • Hostname : briccs-4.rcs.le.ac.uk
  • Ownership: DM
  • Location : briccs-1
  • Hardware : VirtualBox virtual machine
  • Software : CentOS 6.2

briccs-5

  • Hostname : briccs-5.rcs.le.ac.uk
  • Ownership: JL
  • Location : briccs-1
  • Hardware : VirtualBox virtual machine
  • Software : CentOS
  • Services
    • Test deployment of i2b2

briccs-6

  • Hostname : briccs-6.rcs.le.ac.uk
  • Ownership: JL
  • Location : briccs-1
  • Hardware : VirtualBox virtual machine
  • Software : CentOS
  • Services
    • Deployment of caTissue p5 for API client testing

briccs-7

  • Hostname : briccs-7.rcs.le.ac.uk
  • Ownership:
  • Location : briccs-1
  • Hardware : VirtualBox virtual machine
  • Software : CentOS 5.5 (64bit)

BRICCS Server Security

The following should be considered the standard specification for BRICCS Server Security:

ClamAV: Put the following in a script in cron.weekly and chmod 755 it:

clamscan -ri --exclude-dir=/sys\|/proc\|/dev / | mail -s "ClamAV Scan Results for $(date +%D)" email@…
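A fuller form of the weekly ClamAV job above, as an added example (not the BRICCS script): it puts clamscan's exit status (0 clean, 1 infected, 2 error) in the mail subject and anchors the exclude pattern, because `/sys|/proc|/dev` also matches directories such as /srv/devel. The recipient `root`, the file name `clamav-weekly`, the helper names and the sample paths are assumptions, and `would_skip` models clamscan's matching as an unanchored extended regex on the directory path.

```shell
#!/bin/sh
# Added example, not the BRICCS script. Install as /etc/cron.weekly/clamav-weekly
# (chmod 755); Debian/Ubuntu run-parts skips names containing a dot such as *.sh.

RECIPIENT="root"                          # placeholder: the page elides the address
PAGE_EXCLUDE='/sys|/proc|/dev'            # what the shell passes for /sys\|/proc\|/dev
ANCHORED_EXCLUDE='^/(sys|proc|dev)(/|$)'  # only the top-level pseudo-filesystems

# would_skip PATTERN DIR: succeeds if DIR would be excluded from the scan.
# Assumption: --exclude-dir is an unanchored extended regex on the directory path.
would_skip() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# verdict RC: map clamscan's exit status to a word for the mail subject.
verdict() {
    case "$1" in
        0) echo "CLEAN" ;;
        1) echo "INFECTED" ;;
        *) echo "SCAN-ERROR" ;;
    esac
}

# subject RC: subject line carrying verdict, host name and date.
subject() {
    echo "ClamAV $(verdict "$1") on $(uname -n) $(date +%D)"
}

main() {
    report=$(mktemp) || exit 2
    trap 'rm -f "$report"' EXIT
    # Capture the report in a file so the exit status is not lost in a pipeline.
    clamscan -ri --exclude-dir="$ANCHORED_EXCLUDE" / >"$report" 2>&1
    rc=$?
    mail -s "$(subject "$rc")" "$RECIPIENT" <"$report"
}

# Run the scan only under the installed name, so the functions can be sourced
# or tested without starting a full scan.
case "${0##*/}" in
    clamav-weekly) main ;;
esac
```

With the original pipeline a failed scan and a clean scan both arrive as an ordinary results mail; here a subject containing SCAN-ERROR separates them.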

fail2ban

logwatch

Nagios

chkrootkit

Snort

What else?
