Frank Grewe (fjg@umn.edu) Office of Information Technology University of Minnesota.
Physical Plant
• 4 different locations
  – 3 production
    • WBOB
    • NTC
    • AHC
  – 1 development/backup
    • Lind Hall
Black Box
• Locked 19” rack
  – 2 fiber pairs configured as 200MB etherchannel
  – 2 power connections
  – 2 phone lines
Hardware
• Ether Switch
• Terminal Server
• (2) Modems
• SUN Netra T1
• (8) SUN Netra X1
• Dell 2450
• SUN 420R/A1000
• SUN E450
Services
• Administration/monitoring/security
• Certificate Authority
• X.500 DSA
• “Repository”
• Directory gateways
• Web services
• Email, etc…
• Active Directory!
Networks
• Private VLAN
• Local (umn.edu)
• Internet
Remote Admin
• Terminal Server connects to console ports (vcon)
• System/application monitoring (mon)
• Security monitoring
• Oncall paging
History
• Vision for universal internet access
  – E-Mail
  – Gopher
  – News
  – Modem Pool
  – Etc
• Directory seen as a lookup mechanism
White Pages
• finger
• whois
• ph
• gopher
• http
• ldap
Fueled Cooperation
• First visible joint project between what was then Academic and Administrative groups
• Directory required data feeds from:
  – Staff Demographic Database
  – Student Records Database
  – Class Registration Database
  – Student Fees Transactions
Directory Changed Processes
• Demand for electronic update
• Mailing lists for classes/departments/etc
• Authentication for modem pool access
• Departmental Systems (IT Labs)
• Buy-in occurs when value is perceived
U Card Services
• Directory is used for card issuing
• Card is associated with X.500 object
• Directory directly queried for authorization
Authorization Services
[Diagram labels: U Card; Directory Services; Student Registration; Employees; Access Denied; Library; “Food” Service; Special Privileges; Building Access; Medical]
Authn/Authz
• radius
• https:
  – un/pw exchange
  – Web cookies
  – UCard
  – DLF
• Batch feeds
• ldaps?
Directory Role
• Authenticates
• Audit Trail
• Authorization varies:
  – None
  – Some
  – All
Data Sources
• Human Resources
• Payroll
• Student Records
• Accounts Receivable
• Coordinate Campuses
• Departments
Data Owners in Control
• Signoff needed to access attributes
• Reviewed yearly
• Benefits:
  – Knowledge of attribute usage
  – Changes transparent to applications