The Private Vax Network

Motivation

The Physics Division Vax cluster will be placed on a private network on Feb. 3, 2001. ANL has mandated that all network traffic be encrypted. The Vaxes are not capable of supporting ssh access to them. In order to preseve network access to the Vaxes, they will be relocated onto a private network that is not directly accessible from the Internet. Access to the gateway is provided via a gateway machine.

Architecture

If you like diagrams, here's a logical view of the private network in relation to the division network.

Names

Within the private network, the Vax nodes will no longer have the phy.anl.gov domain name. The new domain is vax.clus. Therefore, the Vax machines are renamed as follows:

Old Name	New Name
anph00.phy.anl.gov	anph00.vax.clus
anlphy.phy.anl.gov	anlphy.vax.clus
anph06.phy.anl.gov	anph06.vax.clus
anph09.phy.anl.gov	anph09.vax.clus
anph10.phy.anl.gov	anph10.vax.clus
anph11.phy.anl.gov	anph11.vax.clus
anph12.phy.anl.gov	anph12.vax.clus
anph13.phy.anl.gov	anph13.vax.clus

The Gateway

In addition to these nodes, there is a gateway machine which bridges the private network to the Physics Division networks and to the wild wide Internet. The name of the gateway machine is vaxgate.phy.anl.gov on the division network and vaxgate.vax.clus on the private network. Connection to the gateway from the Internet is possible only via ssh. Once you are logged into vaxgate, you can use telnet to connect to the Vaxes. Conversely, if you are logged onto a Vax machine and wish to reach the outside world, you must first log onto the gateway. In this case, you telnet to the gateway from the Vax cluster.

The gateway is part of the maria cluster. You will need an account on the maria cluster in order to log onto the gateway.

Phylis and Physics Dial-In

The Physics Division dial-in modems are part of the Phylis system which will also be relocated on the private Vax network. If you typically dial the 3854, etc., phone numbers to connect to the Vaxes from offsite, you can continue to do so.