Life After Implementation: Ensuring 24 x 7 Availability

Presentation transcript:

Life After Implementation: Ensuring 24 x 7 Availability After implementing an enterprise directory service, it's critical to have high availability to ensure its acceptance. This session will outline monitoring tools, as well as strategies for ensuring 24 x 7 availability. Copyright John Ball 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Life after implementation

- Background
- 24 x 7: what it means
- Strategy & design
- Tools & monitoring
- Acceptance, interaction, & policy

SUNY@Buffalo

- Part of the NY state system: http://www.suny.edu/
- 27,000+ enrolled students
- 13,000+ staff & faculty
- 2 campuses
- 3 (4) geographically dispersed machine rooms
- 50/50 mix of central IT and departmental support
- Enterprise metadirectory
- 5 enterprise directories: AD, DCE, Kerberos, 2 LDAPs

John Ball, john@buffalo.edu

- Chief Information Technology Architect
- Middleware Area Coordinator (Manager)
- Machine Room Service Coordinator
- Project Manager
- System Administrator
- Geek
- Other duties as assigned…

24 x 7 availability

- 13 services are 24x7
- Services are composed of smaller components
- Many dependencies among services
- Limited window for scheduled service downtime: 5am-7am
- Downtime of any kind is wildly unpopular…
- Business continuity (disaster recovery): the ability for the central computing center to “go away” and for the business to be able to continue.

Definition of service (e-mail)

40+ machines that do “e-mail” as perceived by the campus, which include:

- News
- Listserv
- White pages LDAP
- Webmail
- Central e-mail
- Priority e-mail
- Mail throttling
- Anti-virus scanning
- Mail filtering

Definition of service (24 x 7 auth)

50+ machines, which are broken into the following components:

- Meta directory (Oracle)
- Accounts
- Active Directory support
- DCE
- Kerberos
- LDAP for auth
- WebISO
- Shibboleth

Service interdependency

Dependencies:

- E-mail depends on auth and DNS
- Auth depends on DNS and time, etc.
- Downtime for one means downtime for everything up the chain of dependency
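The "downtime for one means downtime for everything up the chain" rule is a graph walk, and the same graph gives the order in which services have to come back. The following is an added example, not code from the presentation; the dependency map is constructed from the two edges the slide names (e-mail needs auth and DNS; auth needs DNS and time) plus assumed "webmail" and "listserv" entries added for illustration.

```python
from collections import defaultdict, deque

# Constructed dependency map: each service maps to the services it depends on.
# The "webmail" and "listserv" entries are assumptions added for illustration;
# the e-mail and auth edges are the ones stated on the slide.
DEPENDS_ON = {
    "e-mail": {"auth", "dns"},
    "auth": {"dns", "time"},
    "webmail": {"e-mail", "auth"},
    "listserv": {"e-mail"},
    "dns": set(),
    "time": set(),
}


def dependents_of(depends_on):
    """Invert the map: service -> set of services that directly depend on it."""
    rev = defaultdict(set)
    for service, deps in depends_on.items():
        rev[service]  # make sure leaf services appear as keys too
        for dep in deps:
            rev[dep].add(service)
    return rev


def impact_of_outage(depends_on, failed):
    """Return every service that is down when the services in `failed` are down.

    This walks *up* the chain of dependency: anything that depends, directly or
    transitively, on a failed service is counted as down as well.
    """
    rev = dependents_of(depends_on)
    down = set()
    queue = deque(failed)
    while queue:
        service = queue.popleft()
        if service in down:
            continue
        down.add(service)
        queue.extend(rev[service])
    return down


def restore_order(depends_on):
    """Dependencies-first ordering (Kahn's algorithm) for bringing services back.

    Ties are broken alphabetically so the result is deterministic. Raises
    ValueError on an unknown dependency or a dependency cycle.
    """
    missing = {d for deps in depends_on.values() for d in deps} - set(depends_on)
    if missing:
        raise ValueError(f"dependencies without a definition: {sorted(missing)}")
    indegree = {s: len(deps) for s, deps in depends_on.items()}
    rev = dependents_of(depends_on)
    ready = sorted(s for s, n in indegree.items() if n == 0)
    order = []
    while ready:
        service = ready.pop(0)
        order.append(service)
        for dependent in sorted(rev[service]):
            indegree[dependent] -= 1
            if indegree[dependent] == 0:
                ready.append(dependent)
                ready.sort()
    if len(order) != len(depends_on):
        raise ValueError("dependency cycle detected")
    return order


def maintenance_blast_radius(depends_on, component):
    """Services to announce as affected by a scheduled outage of `component`."""
    return sorted(impact_of_outage(depends_on, [component]) - {component})


if __name__ == "__main__":
    print("DNS outage takes down:", sorted(impact_of_outage(DEPENDS_ON, ["dns"])))
    print("Restore order:", restore_order(DEPENDS_ON))
    print("Announce for time-service maintenance:",
          maintenance_blast_radius(DEPENDS_ON, "time"))
```

The blast-radius function is what a 5am-7am maintenance announcement needs: the list of everything that is down while the one component is, whether or not anyone thought of it as "part of" that service.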

Design/architecture

- N+1 machines per service
- Individual components of a service can be maintained while the service is still available
- Network layout
- Load balancing on the network
- Clustering where appropriate
- Multiple machine rooms
- Test gear

N+1 machines per service

- Common hardware base across multiple services
- Sun or Dell, same/similar model types: Dell 1x50s or 2x50s (x is the generation of the machine); Sun V120s (single CPU) or Sunfire 280s
- Machines for various services and applications are grouped by these principles during budget time
- Various other budget principles (cost, discount, end of support by model, etc.) are applied, and many of the same models are ordered
- This also applies for sparing and repair

N+1 machines per service

- Standard “build”: the ability to create multiple near-identical servers with minimal effort (Flash/Flare, Rsync, Ghost)
- We can add or remove machines to/from a service based on repairs or scalability (short-term load or long-term sizing)

N+1 machines per service

Configuring N+1 machines to respond to service requests:

- Service machine pooling (DCE, AD)
- DNS round robin
- Clustering (shared disk or state?)
- Network load balancing
- Various subnets (locations)
- “Next networking”
- Measuring the load

Servicing individual machines

- Need the ability to take a machine (or machines) out of service, planned or unplanned, without service interruptions.
- Not all machines for a service in the same rack, on the same plug strip, on the same circuit, in the same electrical panel, etc.
- Same for the network: not on the same subnet, same switch, etc.
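The two slides above (pooling N+1 machines behind round robin, and taking one out of service without dropping below N or collapsing everything onto one rack or subnet) can be expressed as one small pool object with an invariant check. This is an added example written for this page, not code from the presentation; the member names, racks and subnets are constructed, and the rule that the remaining machines must span at least two racks and two subnets is an assumption that models the "not all in the same rack / same switch" bullet.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Member:
    name: str
    rack: str      # physical location: rack, plug strip, circuit, panel
    subnet: str    # network location: subnet / switch


class ServicePool:
    """N+1 pool: `required` machines carry the service, the rest are headroom.

    Machines that are out of service (repair, patching, a rolling change) are
    skipped by next_target(). drain() refuses to take a machine out when that
    would leave fewer than N in service, or would leave every remaining machine
    in one rack or one subnet, since one plug strip or one switch could then
    take the whole service down.
    """

    def __init__(self, name, members, required):
        if len(members) < required + 1:
            raise ValueError(f"{name}: need at least N+1 = {required + 1} machines")
        self.name = name
        self.members = list(members)
        self.required = required
        self.out_of_service = set()
        self._rr = 0

    def active(self):
        return [m for m in self.members if m.name not in self.out_of_service]

    def can_drain(self, member_name):
        """Return (ok, reason) for taking `member_name` out of service."""
        remaining = [m for m in self.active() if m.name != member_name]
        if len(remaining) < self.required:
            return False, f"only {len(remaining)} machine(s) would remain, need {self.required}"
        if len(remaining) > 1 and len({m.rack for m in remaining}) < 2:
            return False, "remaining machines would all share one rack/circuit"
        if len(remaining) > 1 and len({m.subnet for m in remaining}) < 2:
            return False, "remaining machines would all share one subnet/switch"
        return True, "ok"

    def drain(self, member_name):
        ok, why = self.can_drain(member_name)
        if not ok:
            raise RuntimeError(f"{self.name}: cannot take {member_name} out of service: {why}")
        self.out_of_service.add(member_name)

    def restore(self, member_name):
        self.out_of_service.discard(member_name)

    def next_target(self):
        """Round-robin over in-service members, as DNS round robin would."""
        active = self.active()
        member = active[self._rr % len(active)]
        self._rr += 1
        return member.name

    def diversity_report(self):
        """How many machines, racks and subnets the in-service members span."""
        active = self.active()
        return {"machines": len(active),
                "racks": len({m.rack for m in active}),
                "subnets": len({m.subnet for m in active})}


def build_example_pool():
    """Constructed SMTP pool: N=2 carry the load, the third machine is the +1."""
    return ServicePool("smtp", [
        Member("smtp1", rack="A12", subnet="10.0.1.0/24"),
        Member("smtp2", rack="B03", subnet="10.0.2.0/24"),
        Member("smtp3", rack="A12", subnet="10.0.1.0/24"),
    ], required=2)


if __name__ == "__main__":
    pool = build_example_pool()
    pool.drain("smtp3")
    print("serving:", [pool.next_target() for _ in range(4)])
    print("may we also take smtp1?", pool.can_drain("smtp1"))
    pool.restore("smtp3")
    print("may we take smtp2 instead?", pool.can_drain("smtp2"))
```

The second question in the usage is the interesting one: with smtp3 back, draining smtp2 still fails, because the two machines that would remain sit in the same rack and on the same subnet. The N+1 count alone does not catch that; the placement check does.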

Test gear

- Test environment as close to production as feasible
- N+1 provides the possibility to test on a set of production machines
- Ability to make “flash cuts” and “rolling changes” with N+1 machines
- This includes fall-backs….

Business continuity

- 3 (4th planned) machine rooms, geographically dispersed
- Service pooling behind 3 redundant Cisco Content Services Switches
- DNS round robin
- Core network redundancy (network loop with multiple internet connections)
- Clustering and shared SAN storage

Monitoring

- Custom monitoring: now legacy, mostly with DCE
- Monitor in a standard way across all services and service components
- Up does not just mean responding to pings. What is user wait time?
- Avoid reactive monitoring where possible
- Also looked at MON, SPONGE, and 7 other products that did not meet the requirements.

Big Brother

- Monitors many “reactive things”: connectivity, CPU, disk space, etc.
- Monitoring of unique service components: web servers, SMTP connects, applications, etc.
- Monitors “user experience” (delays)
- Can monitor anything you can log
- When issues do arise, page/e-mail
- Dynamic call list
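"Up does not just mean responding to pings" and "monitor user experience (delays)" from the two monitoring slides come down to one kind of check: open the real protocol, wait for the real greeting, and time it. The probe below is an added example written for this page; it is not Big Brother code and not from the presentation. It checks a banner-style service such as SMTP, and the loopback listeners it starts are constructed stand-ins so the three failure modes (dead daemon, hung daemon that accepts but never greets, slow daemon) can be exercised offline.

```python
import socket
import socketserver
import threading
import time
from dataclasses import dataclass


@dataclass
class ProbeResult:
    service: str
    status: str        # "OK", "SLOW" or "DOWN"
    latency_ms: float  # user wait time for the first byte of service
    detail: str


def probe_banner(service, host, port, expect_prefix, timeout=3.0,
                 warn_ms=500.0, crit_ms=2000.0):
    """Connect, wait for the protocol greeting, and time the whole exchange.

    A host that answers ping but whose daemon is gone or hung fails here:
    the connect is refused, the read times out or returns nothing, or the
    greeting is not what the protocol promises.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            banner = sock.recv(256)
    except OSError as exc:  # refused, unreachable, timed out, reset ...
        elapsed = (time.monotonic() - start) * 1000
        return ProbeResult(service, "DOWN", elapsed, f"no answer: {type(exc).__name__}")
    elapsed = (time.monotonic() - start) * 1000
    if not banner.startswith(expect_prefix):
        return ProbeResult(service, "DOWN", elapsed, f"unexpected greeting {banner[:40]!r}")
    if elapsed >= crit_ms:
        return ProbeResult(service, "DOWN", elapsed, "greeting arrived far too late")
    if elapsed >= warn_ms:
        return ProbeResult(service, "SLOW", elapsed, "above warning threshold")
    return ProbeResult(service, "OK", elapsed, "greeting ok")


def needs_page(result):
    """Page on DOWN; SLOW is an e-mail-grade warning; OK needs nothing."""
    return result.status == "DOWN"


# --- constructed loopback stand-ins so the probe runs offline -----------------
def start_fake_service(banner, delay_s=0.0):
    """Listener that waits delay_s, sends `banner` (or nothing at all) and hangs up."""
    class Handler(socketserver.BaseRequestHandler):
        def handle(self):
            time.sleep(delay_s)
            if banner:
                self.request.sendall(banner)

    server = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def stop_fake_service(server):
    server.shutdown()
    server.server_close()


def unused_port():
    """A loopback port with nothing listening, to stand in for a dead daemon."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_fake_service(b"220 mail.example.invalid ESMTP ready\r\n")
    print(probe_banner("smtp", "127.0.0.1", port, b"220"))
    stop_fake_service(srv)
    print(probe_banner("smtp-dead", "127.0.0.1", unused_port(), b"220"))
```

The thresholds are the part that makes this "user experience" monitoring rather than a connectivity check: a greeting that takes two seconds to arrive is reported as down even though the port is open, because that is what the user sees.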

Staffing/call list

- 30 support staff to support:
  - 13 different 24 x 7 services; this means people get paged any time of the day or night for issues
  - 40+ other enterprise services
- Concept of service teams
- Escalation outside of service teams
- Everyone in the group at least knows how to spell LDAP and DCE.

More on monitoring

- If the customer is the first one to call about downtime…. you already have a problem.
- Monitor pro-actively as much as possible
- Make monitoring “sane” for support staff

Policy

- How does data get into the metadirectory?
- Concept of data custodian or “owner”
- What is the authoritative source for each piece of data?
- Need for a process to get information from the enterprise directory
- Naming standards?
- Security

How does data get in?

- How often is the data changing?
- When do the updates occur, and to what systems or directories?
- Is the data being transferred in a secure manner? (SSN, user names, passwords)

Data custodian

- This is the question of who has the authority to grant access to other data consumers, on campus and off.
- Data consumers can be affiliated people, applications, or off-campus parties.
- Principles for data access:
  - No one gets passwords
  - Very limited SSN
  - Applications get application-specific data
  - Departments can have groups prefixed with their entity codes

Authoritative data sources

- For each piece of data in an enterprise directory there needs to be a single authoritative source
- Groups are a prime example: DCE groups, LDAP groups, AD groups
- DCE, as the legacy system, is authoritative
- In the future, the meta directory via GROUPER?

Process for requests

- How does a consumer make a request to the data custodian?
- What will the data be used for?
- Auditing access?
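The four custodian principles on the "Data custodian" slide, plus the "auditing access?" question from the request-process slide, can be enforced at the point where a record is handed to a consumer. The following is an added example written for this page, not the presentation's code: attribute names (`ssn`, `password`, `groups`), the consumer kinds, and the sample record and consumers are all constructed, and the placeholder SSN and password hash are obviously fake.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Custodian rule set for this example (assumed attribute names, not from the
# slides): passwords are never released; the SSN is released only to a consumer
# the custodian has explicitly approved for it, and only if it is in their grant.
NEVER_RELEASED = {"password"}
RESTRICTED = {"ssn"}


@dataclass
class Consumer:
    name: str
    kind: str                    # "person", "application" or "department"
    granted: frozenset           # attributes the custodian approved for this consumer
    entity_code: str = ""        # departments: their group-name prefix, e.g. "cit"
    ssn_approved: bool = False   # custodian sign-off for the restricted attribute


@dataclass
class ReleaseDecision:
    released: dict
    withheld: dict               # attribute -> reason it was not released
    audit: dict                  # one audit record: who got what about whom, when


def visible_groups(groups, consumer):
    """Departments only see groups carrying their entity code as prefix."""
    if consumer.kind == "department":
        prefix = consumer.entity_code.lower() + "."
        return sorted(g for g in groups if g.lower().startswith(prefix))
    return sorted(groups)


def release_attributes(record, consumer, now=None):
    """Apply the custodian's principles to one directory record for one consumer."""
    released, withheld = {}, {}
    for attr, value in record.items():
        if attr in NEVER_RELEASED:
            withheld[attr] = "never released to any consumer"
        elif attr not in consumer.granted:
            withheld[attr] = "not in this consumer's grant"
        elif attr in RESTRICTED and not consumer.ssn_approved:
            withheld[attr] = "restricted; needs explicit custodian approval"
        elif attr == "groups":
            released[attr] = visible_groups(value, consumer)
        else:
            released[attr] = value
    stamp = (now or datetime.now(timezone.utc)).isoformat()
    audit = {"when": stamp, "consumer": consumer.name, "kind": consumer.kind,
             "subject": record.get("uid", "?"),
             "released": sorted(released), "withheld": sorted(withheld)}
    return ReleaseDecision(released, withheld, audit)


# --- constructed sample data --------------------------------------------------
EXAMPLE_TIME = datetime(2004, 1, 1, tzinfo=timezone.utc)

SAMPLE_RECORD = {
    "uid": "jdoe",
    "displayName": "Jane Doe",
    "mail": "jdoe@example.invalid",
    "ssn": "000-00-0000",                  # constructed placeholder
    "password": "{SSHA}not-a-real-hash",    # constructed placeholder
    "groups": ["cit.helpdesk", "all.campus.staff", "math.faculty"],
}

PAYROLL_APP = Consumer("payroll", "application",
                       frozenset({"uid", "displayName", "ssn"}), ssn_approved=True)
WEBMAIL_APP = Consumer("webmail", "application", frozenset({"uid", "mail", "groups"}))
CIT_DEPT = Consumer("cit-dept", "department", frozenset({"uid", "groups"}), entity_code="cit")
CURIOUS_PERSON = Consumer("someone", "person", frozenset({"uid", "ssn", "password"}))


if __name__ == "__main__":
    for consumer in (PAYROLL_APP, WEBMAIL_APP, CIT_DEPT, CURIOUS_PERSON):
        decision = release_attributes(SAMPLE_RECORD, consumer, now=EXAMPLE_TIME)
        print(decision.audit)
```

Two points worth noticing: a grant that lists `password` is simply ignored, because the never-released rule is checked before the grant, and the audit record names only attributes, never values, so the log itself does not become a second copy of the sensitive data.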

Naming standards

- Important to choose names that do not break various technologies or directories
- Concept of enterprise names and entity code names (departmental)
- All-Campus-Staff vs. All-CIT-Staff, or all.campus.staff vs. all.cit.staff
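A naming standard is only useful if something checks it at request time. The checker below is an added example, not code from the presentation, and it fills in conventions the slide only hints at: tokens limited to lowercase letters, digits and underscore (so the same name survives dot-style and hyphen-style directories), a leading `all` treated as a qualifier rather than an owner, `campus` as the owner token reserved for enterprise names, and a constructed registry of entity codes. All of those are assumptions made for the example.

```python
import re

# Conventions assumed for this example; the slide only names the two styles.
TOKEN = re.compile(r"^[a-z0-9_]+$")
QUALIFIERS = {"all"}                              # leading words that do not name an owner
ENTERPRISE_OWNER = "campus"                       # owner token reserved for enterprise names
CENTRAL_IT_CODE = "cit"                           # assumed entity code allowed to own them
KNOWN_ENTITY_CODES = {"cit", "math", "lib"}       # constructed registry of entity codes
SEPARATOR = {"ldap": ".", "dce": ".", "ad": "-"}  # assumed per-directory rendering


def parse_group_name(name):
    """Split 'all.cit.staff' or 'All-CIT-Staff' into canonical lowercase tokens."""
    tokens = re.split(r"[.\-]", name.strip().lower())
    bad = [t for t in tokens if not TOKEN.match(t)]
    if bad:
        raise ValueError(f"{name!r}: invalid token(s) {bad}; only a-z, 0-9 and _ allowed")
    return tokens


def owner_of(tokens):
    """Index of the owner token: the first token that is not a generic qualifier."""
    for i, t in enumerate(tokens):
        if t not in QUALIFIERS:
            return i
    return None


def render(tokens, directory):
    """One canonical name, rendered in the separator style a directory expects."""
    return SEPARATOR[directory].join(tokens)


def check_group_name(name, requester_code):
    """Return (ok, reason) for a group name requested by the entity `requester_code`."""
    try:
        tokens = parse_group_name(name)
    except ValueError as exc:
        return False, str(exc)
    i = owner_of(tokens)
    if i is None or i == len(tokens) - 1:
        return False, "name needs an owner token followed by at least one more token"
    owner = tokens[i]
    if owner == ENTERPRISE_OWNER:
        if requester_code != CENTRAL_IT_CODE:
            return False, "enterprise names are reserved for central IT"
        return True, "enterprise name"
    if owner not in KNOWN_ENTITY_CODES:
        return False, f"unknown entity code {owner!r}"
    if owner != requester_code:
        return False, f"{requester_code} may only create groups owned by {requester_code}"
    return True, f"departmental name owned by {owner}"


if __name__ == "__main__":
    for name, who in [("All-Campus-Staff", "cit"), ("all.campus.staff", "math"),
                      ("all.cit.staff", "cit"), ("math.faculty", "cit"),
                      ("cit.help desk", "cit")]:
        print(f"{name:20} requested by {who}: {check_group_name(name, who)}")
    print(render(parse_group_name("All-CIT-Staff"), "ldap"))
```

Case conventions per directory (the slide's `All-CIT-Staff` keeps the entity code in capitals) are deliberately left out; the point of the canonical token form is that each directory can apply its own rendering without anyone hand-typing a second name.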

Enterprise directory interaction

- Ensure all enterprise directories are downstream of the metadirectory data
- For those exceptions: how does the data make it back to the metadirectory to populate the other enterprise directories? Also, how often?
- Persistent IDs across enterprise applications; password synchronization?
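Keeping every enterprise directory downstream of the metadirectory is something you can verify, not just assert: diff each directory against the metadirectory on a persistent ID and see what has to flow down, and what exists downstream that never came from upstream (the "exceptions" the slide asks about). The following is an added example written for this page, not code from the presentation; the snapshots, persistent IDs, attribute names and the two directories are constructed.

```python
from dataclasses import dataclass, field

# Constructed snapshots keyed by a persistent ID that survives renames, so one
# person's entries can be matched across every directory. Values are the
# attributes each directory is fed.
METADIRECTORY = {
    "p100": {"uid": "jdoe",   "mail": "jdoe@example.invalid",   "affiliation": "staff"},
    "p101": {"uid": "asmith", "mail": "asmith@example.invalid", "affiliation": "faculty"},
    "p102": {"uid": "bwong",  "mail": "bwong@example.invalid",  "affiliation": "student"},
}

DIRECTORIES = {
    "ldap": {
        "p100": {"uid": "jdoe",   "mail": "jdoe@example.invalid",       "affiliation": "staff"},
        "p101": {"uid": "asmith", "mail": "asmith@old.example.invalid", "affiliation": "faculty"},
        # p102 has never been provisioned into LDAP
    },
    "ad": {
        "p100": {"uid": "jdoe",     "mail": "jdoe@example.invalid",   "affiliation": "staff"},
        "p101": {"uid": "asmith",   "mail": "asmith@example.invalid", "affiliation": "faculty"},
        "p102": {"uid": "bwong",    "mail": "bwong@example.invalid",  "affiliation": "student"},
        "p999": {"uid": "labadmin", "mail": "",                       "affiliation": "staff"},  # created directly in AD
    },
}

# Which attributes each downstream directory is fed from the metadirectory.
FED_ATTRIBUTES = {"ldap": ("uid", "mail", "affiliation"), "ad": ("uid", "mail", "affiliation")}


@dataclass
class SyncPlan:
    directory: str
    create: dict = field(default_factory=dict)          # pid -> attributes to provision
    update: dict = field(default_factory=dict)          # pid -> {attr: (current, wanted)}
    downstream_only: list = field(default_factory=list) # pids present here but unknown upstream


def reconcile(meta, directory, entries, fed):
    """What must flow down into `directory`, and what exists there that never came from upstream."""
    plan = SyncPlan(directory)
    for pid, record in meta.items():
        wanted = {a: record[a] for a in fed if a in record}
        if pid not in entries:
            plan.create[pid] = wanted
            continue
        current = entries[pid]
        diff = {a: (current.get(a), v) for a, v in wanted.items() if current.get(a) != v}
        if diff:
            plan.update[pid] = diff
    plan.downstream_only = sorted(pid for pid in entries if pid not in meta)
    return plan


def reconcile_all(meta=METADIRECTORY, directories=DIRECTORIES, fed=FED_ATTRIBUTES):
    return {name: reconcile(meta, name, entries, fed[name])
            for name, entries in directories.items()}


def is_in_sync(plan):
    return not (plan.create or plan.update or plan.downstream_only)


if __name__ == "__main__":
    for name, plan in reconcile_all().items():
        print(name, "in sync" if is_in_sync(plan) else "", plan)
```

Entries in `downstream_only` are exactly the exceptions the slide asks about. Whether such an entry should be removed or fed back into the metadirectory so the other directories get it is the custodian's call; the reconciliation only makes sure it cannot go unnoticed between runs.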

Questions? John Ball, john@buffalo.edu