CLE Technical DesignCLE Technical Design

David S. CondreyLAN Systems - DCIT

Presented at:

Technology Transfer Partners (TTP) 1998

Salt Lake City, UtahJuly 7, 1998

CLEMSONU N I V E R S I T Y

AgendaAgenda

Short Clemson Review97-98 RecapCLE OverviewUser’s View Instructor Course ManagementThe DesignThe ImplementationThe Future

Introduction/BackgroundIntroduction/BackgroundClemson University-Upstate SC37,000 users in NDS with home

directories since 1995.NDS is centerpiece of security and

authentication.Big Development Shop~130 Netware 4.x serversAutomated account creation and

maintenance.

Automatic Userid System (AUS)Automatic Userid System (AUS)

MVS

UNIX

NDS

Personnel AdmissionsOther

Other

AUSAUS

Tree DesignTree Design

Users Organizations

ClemsonU

Every Person Has a PlaceEvery Person Has a Place

A to Z A to Z A to Z

Students Misc. Employee

ClemsonU

OrganizationsOrganizations

Every Group Has a PlaceEvery Group Has a Place

UsersUsers Athletics DCIT

Forestry Research Dean's office

CAFLS CES

ClemsonU

Personal Storage (User Data Personal Storage (User Data Servers)Servers)

EmployeDn

Any faculty or staff member

Any student

Office, lab, or dial-in

Dorm, lab, or dial-in

StudentDn

Collaborative Storage (Faculty &Collaborative Storage (Faculty &

EmployeD

Group server1 StudentD

App server

Students)Students)

Authentication ServerAuthentication Server

Mail authC

Web authC

mainframe authC

UNIX authC

NetWare authC

Sun authC

Windows NT authCOracle† authC

NDS

intraNetWare server BintraNetWare server A

AUTHSERV.NLM

intraNetWare server C

RACF

AuthClientAuthClient

POPd

AuthClient

Web site

WebApp

User workstation (Windows 95/Windows NT and Mac workstation)

Eudora TN3270 Netscape† LOGIN.EXE

AuthClient

Apache

WebApp

AUTHSERV.NLM AUTHSERV.NLM

OnlinesVTAM

Mainframe (MVS)MAIL (Solaris) NT Server OpenLinux

Using NDS Security Across the Using NDS Security Across the IntranetIntranet

AuthenticatedClient

ServerAuthClient

AuthenticationServer

NDS

Netscape IIS32-bitDLL

AUTHSERV.NLM

NDS

Page requestCheckEquiv

Check SecurityEquivalence

Locate user objectand run equivalencelist

NT 4.0

AUTHSERV Client FunctionsAUTHSERV Client Functions

Password checkPassword changeResolve to fully distinguished nameCheck security equivalenceReturn group membershipMiscellaneous administrative

functionsGet Effective Rights

Caldera OpenLinux and ApacheCaldera OpenLinux and Apache

Web gateway to NetWare file system

Caldera OpenLinux

FileServer

FileServer

FileServer

AuthC

Browser

Browser

Browser

BrowserAuthServer

FileServer

FileServer

Using NDS to Secure Web PagesUsing NDS to Secure Web Pages

NovellAuth onAuthName Novell TreeAuthType Basic <Limit GET POST>require user gmcochrrequire user kellenrequire group .resadmin.groups.employee.clemsonu</Limit>

What We’ve Been Doing Over What We’ve Been Doing Over the Past Yearthe Past Year

Site License from NovellStudentD/EmployeD splitUpgrade Everything to 4.11Convert Public Labs to ‘95BrainshareAppnotes and Developer NotesNetware 5/ZEN Testing

More of What We’ve Been DoingMore of What We’ve Been Doing

PAM Development for Authentication Server

Cisco PIX FirewallCollaborative Learning

Environment

DescriptionDescription

Collaborative Learning Environment (CLE) Provide a framework for collaborative

works between faculty and students as well as between students themselves.

This means managed and structured disk space that is easily accessible by both students and faculty.

Collaborative Learning Collaborative Learning Environment (CLE)Environment (CLE)Faculty member wants to put data on

the network that students can useStudent submission of work to facultyStudents collaborate on team projects

with assistance from faculty memberStudents and faculty collaborate on

projects or assignmentsPublish web pages as a team or class~6000 class sections per semester

Project GoalsProject Goals

Automate as much as possible.Limit required knowledge of the

instructor.Limit required knowledge of the student.Limit required CSG/SSG involvement.Limit required TSP involvementK.I.S.S.

MaximsMaxims

A class is an interaction of people not necessarily enrolled in a common course (CPSC 423/423H/623)

CLE is analogous to a classroom.The customer is the Instructor and the Student. The harder this is to explain to users, the harder

it is to implement and use. We don't have to get everything perfect the first

time.

TechnologyTechnology

Novell Directory Services (NDS)Student Databases on OS/390Netware File SystemNetware Application Launcher (NAL)Caldera NDS interface for LinuxApache Web server for LinuxAuthentication ServerLots of code for Management Automation

Development TechnologyDevelopment Technology

Borland C/C++ Version 5Netware SDK 15EXE2NLMNDSSNOOPPhoenix DocumentGNU CPerlHTML,JavaScript

NDSSnoopNDSSnoop

It Takes Two to TangoIt Takes Two to Tango

Direct File System AccessDirect File System Access

Become One with the ‘NetBecome One with the ‘Net

NAL as a Door to Direct File NAL as a Door to Direct File AccessAccess

List of enrolled courses.

Icons for each course abbreviation submitted by departments.

Not “applications” in the traditional sense.

Really runs “Explorer” and maps a drive.

Introduces the concept of NAL to instructors.

Explorer functions as “My Explorer functions as “My Computer”Computer”

What a Class Folder Looks Like What a Class Folder Looks Like to the Student (My Computer)to the Student (My Computer)

What a Class Folder Looks Like to What a Class Folder Looks Like to the Student (Windows Explorer)the Student (Windows Explorer)

Web AccessWeb Access

Web AuthenticationWeb Authentication

Class ScheduleClass Schedule

A Particular ClassA Particular Class

Conferencing - Multiple LevelsConferencing - Multiple Levels

Instructor Must AuthenticateInstructor Must Authenticate

Instructors Manage SemestersInstructors Manage Semesters

Default Grouping - 1:1Default Grouping - 1:1

Combine Courses - 2:1 GroupingCombine Courses - 2:1 Grouping

Combine Courses - 2:1 Grouping (2)Combine Courses - 2:1 Grouping (2)

Combine Courses - 2:1 Grouping (3)Combine Courses - 2:1 Grouping (3)

Managing Teams - CreateManaging Teams - Create

Managing Teams - UnlimitedManaging Teams - Unlimited

The Big PictureThe Big Picture

ListMGR

Studentdatabase

GroupMGRNLM

NDS DiskSpace

Linux

Apache

CalderaGroupmgr

Student

Browser

Instructor

Browser

Linux

ApacheCaldera

WebAccess

DirectAccess

CLEManagement

MVSOS/390

CLE Setup has 2 PartsCLE Setup has 2 Parts

NDSFile System

NDS DesignNDS Design

Course abbreviation

Pointer to File Space

Semester number

Course number

Section number

Instructor(s)

Instructor managed teamsApplication object for NAL

ClassMember(s)

All Instructors&Classrolls

NDS Design - Course AbbreviationNDS Design - Course Abbreviation

Holds NDS Objects for all courses in “Electrical and Computer Engineering” (ECE)

160 different course abbreviations.

These are partition boundaries.

NDS Design - ShareDMONDS Design - ShareDMO

Everything uses the “PATH” property to find the file space that backs this course.

“Everyone” group has rights to read the PATH property.

NDS Design - EveryoneNDS Design - Everyone

Holds every person listed as a STUDENT in any class in any semester of ECE.

Holds every person listed as an INSTRUCTOR in any class in any semester of ECE.

NDS Design - Global InstructorsNDS Design - Global Instructors

Holds every person listed as an INSTRUCTOR in any class in any semester of ECE.

NDS Design - SemesterNDS Design - Semester

Holds NDS constructs for all ECE courses in a particular semester.

State (S) attribute is used for tracking updates.

NDS Design - Course NumberNDS Design - Course Number

Holds NDS constructs for all sections of “Electronics I” (ECE 320).

NDS Design - AdminNDS Design - Admin

Not currently in use. Intended to provide a

place to assign management duties to departmental personnel on a per course basis.

Ex: help manage all sections of Chem 101.

NDS Design - SectionNDS Design - Section

Holds NDS constructs for one section of “Electronics I” (ECE 320).

Description attr holds TTRB and other info.

Location attr holds pointer to ShareDMO and name of file system directory.

NDS Design - ClassRollNDS Design - ClassRoll

The people taking the class.

Member attr holds the userids of the people taking the class.

Description attr holds course title for NAL.

App:Association with SHARE application object for NAL.

NDS Design - InstructorNDS Design - Instructor The people teaching

the class. Member attr should

hold the userids of the instructors. See Also*

Description attr holds course title for NAL.

App:Association with SHARE application object for NAL.*

NDS Design - Teams ContainerNDS Design - Teams Container

Holds NDS groups for each team created by the instructor.

NDS Design - TeamsNDS Design - Teams

Instructor maintained groups.

No naming rules; at discretion of the prof.

Not accessed by the instructor directly. Uses web tool.

Member attr holds userids of people put in to the groups.

NDS Design - Share ApplicationNDS Design - Share Application

Title attr contains NAL title.

Executable is EXPLORER.EXE

Icon is unique to course abbreviation.

Command line parms “/root,k:\”

Cleans up network resources on exit.

NDS Design - Share Application (2)NDS Design - Share Application (2)

Description attr holds long description of course “Collaborative Learning Environment disk space for ELECTRICAL AND COMPUTER ENGINEERING 426 sec001 9804”

Mapped Drives attr holds rooted map of K: to the correct* ShareDMO.

Platforms attr is ‘95 and NT.

File System DesignFile System Design

What a Class Folder Looks LikeWhat a Class Folder Looks Like

E_C_E

General

101_9806.001

426_9806.001

Share

Teams

101_9806.002A1Team1

Handouts Classwrk

Resource

ToDo

TurnIn

Reviewed

ALAYTON

ALAYTON

A1Team2

xxxxx

….

463_9806.010

860_9806.043

…….

ProfOnly Public.www

RightsRights

RF

ALL*ALL*ALL*ALL*ALL*ALL*

Instructor

RWCEF

RFRF

RFALL*

ClassRoll

CRF

cstoneb

RF

CRF

dandrew

RF

ALL*

P2Team2

RF

PublicWeb

* - All but Supervisor

Instructor

User CSTONEB

Class Roll

User DANDREW

Team P2TEAM2

Team P2TEAM1

Public Web

Library Staff

Read Access

Write Access

Create-Only Access

MVS OS/390

Automated Distribution ListsAutomated Distribution Lists

ListMGRListMGR

popD ListDMail

server

TCP/IP

Class rolesDepartments

Studentdatabase

Employeedatabase

Automated NDS Group Automated NDS Group MembershipMembership

MVS OS/390

ListMGR

popDpopD ListDListD MailServer

MailServer

TCP/IP

Class Roles

NDS GroupMGRNLM

TCP/IP

Studentdatabase

Course IdentifierCourse Identifier

9808SPAN_H321006-LSection Number

Course Number

Prefix

Course Abbreviation

Semester Number

‘_’ - Standard‘H’ - Honors‘L’ - Lab‘T’ - Telecampus‘C’ - Consortium

Transaction Data FormatsTransaction Data Formats

Based on Listserv commandsPUT - Snapshot of an entire courseOPT - Options for a course ADD - Drop/Add Classroll members

for a courseDEL - Course Cleanup

Transaction Data Transaction Data Format - PUTFormat - PUT

Create course or set instructors & classroll.

If course exists already, make changes as appropriate.

‘Owner=‘ names instructor(s)

NOP Ticket Tracking

PUT 9806E_C_E_891001-L.LIST PW=M00NWALKER** E C E 891 001** SEND= PRIVATE* SERVICE= LOCAL* SUBSCRIPTION= CLOSED* CONFIDENTIAL= YES* PW= E00218* REPLY-TO= SENDER,RESPECT* DEFAULT-OPTIONS= REPRO,NOACK* VALIDATE= YES,CONFIRM* REVIEW= OWNERS,POSTMASTER* LOOPCHECK= NOSPAM* ERRORS-TO= OWNERS,POSTMASTER* OWNER= MISTYB@CLEMSON.EDU* OWNER= BAUMC@CLEMSON.EDU BAUM CARL WMISTYB@CLEMSON.EDUBAUMC@CLEMSON.EDU BAUM CARL WFBLOCK@CLEMSON.EDU BLOCK FREDERICK JMCOLWEL@CLEMSON.EDU COLWELL MICHAEL T <some deleted>FSTIVER@CLEMSON.EDU STIVERS FRED S JRJWYSOCA@CLEMSON.EDU WYSOCARSKI JEFFREY SJOHNY@CLEMSON.EDU YOUNG JOHN CALVIN&&&&&NOP 0003454

Transaction Data Format - OPTTransaction Data Format - OPTSets ‘options” for a course.TTRB - Title, Time, Room, BuildingNOP Ticket Tracking

QUIET SET 9806ECON__101001-L REPRO,NOACK FOR *@* TTRBQUIET SET 9806ECON__101002-L REPRO,NOACK FOR *@* TTRBQUIET SET 9806ECON__101003-L REPRO,NOACK FOR *@* TTRB QUIET SET 9806ECON__201001-L REPRO,NOACK FOR *@* TTRBQUIET SET 9806ECON__320001-L REPRO,NOACK FOR *@* TTRBQUIET SET 9806ECON__320002-L REPRO,NOACK FOR *@* TTRBQUIET SET 9806ECON__455001-L REPRO,NOACK FOR *@* TTRBQUIET SET 9806ECON__655001-L REPRO,NOACK FOR *@* TTRBQUIET SET 9806ECON__814001-L REPRO,NOACK FOR *@* TTRBNOP 0003845

Transaction Data Format - ADDTransaction Data Format - ADDDrop/Add classroll for a course.NOP Ticket Tracking

QUIET DEL 9806CP_SCL120003-L PW=J011EYMA1NT HENRYJ@CLEMSON.EDUQUIET DEL 9806CP_SC_241001-L PW=J011EYMA1NT SVALLEP@CLEMSON.EDUQUIET ADD 9806CP_SC_481002-L PW=J011EYMA1NT FBLINN@CLEMSON.EDU QUIET ADD 9806CP_SC_481002-L PW=J011EYMA1NT REDRICH@CLEMSON.EDU QUIET ADD 9806CP_SC_481002-L PW=J011EYMA1NT SFROMM@CLEMSON.EDU NOP 0003665

Transaction Data Format - DELTransaction Data Format - DELDelete a course.NOP Ticket Tracking

/DELETE 9805CP_SC_320001-L PW=J011EYMA1NT/DELETE 9805CP_SC_320002-L PW=J011EYMA1NT/DELETE 9805CP_SC_320003-L PW=J011EYMA1NT/DELETE 9805CP_SC_653001-L PW=J011EYMA1NT/DELETE 9805CP_SC_814001-L PW=J011EYMA1NT/DELETE 9805CP_SC_822001-L PW=J011EYMA1NTNOP 0003997

NDS Server PlacementNDS Server PlacementClemsonU

OrganizationsOrganizationsUsersUsers CLECLE

CLExCLEx

5 Dell 4200 w/ 512MB RAM

250 GB RAID-5Switched 100mbit

GroupMGRNLM

CU-ROOT-1CU-ROOT-1

Transaction Tracking - TicketsTransaction Tracking - Tickets

NOP nnnnnnn record on OPT, PUT, ADD, and DEL files.

nnnnnnn is unique ticket number that was started at 0000001 on the first file on the first day of production and is incremented for each transaction file.

Assures transactions are processed in order intended.

The Spanish-Nursing ProblemThe Spanish-Nursing Problem

If an instructor groups courses from 2 different course abbreviations, we must choose one server to hold the data.

SPAN_ NURS_

?

The 64 Security Equivalence LimitThe 64 Security Equivalence Limit

There is a ‘limit’ of 64 explicit and implicit security equivalances in Netware 4.x.

Explicits are easy to see in NDS.Implicits are [Public] and each of your

ancestor containers.Netware 4.x uses ‘sliding window’ algorithm*.Fixed in 5.x, will not be fixed in 4.x.This is a problem for CLE.

CLE Circumvention for the ProblemCLE Circumvention for the Problem

Set ‘See Also’ in each Instructor User object to the ‘Instructor’ group for the course.

Set ‘See Also’ in the ‘Instructor’ group for the course to the user object for each listed instructor.

Do explicit Rights and application assignments to each instructor user object instead of the group.

CLE Circumvention for the ProblemCLE Circumvention for the Problem

#IFDEF NETWARE5 if (CUAddUserToGroup(context,member,group,1)!=0) numerrors++;#ELSE // Setup Application association between User and SHARE App section=strchr((char *)group+1,'.'); sprintf(appObject,".SHARE%s",section); err=SetUpAssn(context,appObject,member); // Add user to SeeAlso attribute of group err=PutNDSAttr(context,(char *)group,"See Also",member,"ADD"); …..another couple hundred lines...#ENDIF

Access for the NAL-ChallengedAccess for the NAL-Challenged

Mac - Folder of Aliases, one for each course abbreviation pointing to the same path as the ShareDMO for that course abbreviation.

DOS - Folder of BAT files, one for each course abbreviation pointing to the same path as the ShareDMO for that course abbreviation.

--Does not address Spanish-Nursing.

Things to DoThings to DoTrainingIntegration with Course Content

Management Application such as WebCT, TopClass, etc.

Get User Feedback & Make enhancements.Move to Netware 5 to resolve 64 SE limit.Load Balance and Tune CLE and NDS

ServersBuckle chinstrap and hold on tight.

davidc@clemson.edu

http://people.clemson.edu/lansystems