I2-MI Middleware 2011 CSG WORKSHOP OPERATIONAL AND DYS-FUNCTIONAL DIRECTORIES Agenda Georgetown, Stanford, Burton Group, iPlanet, Michigan, Minnesota,

Presentation transcript:

I2-MI Middleware 2011 CSG WORKSHOP OPERATIONAL AND DYS-FUNCTIONAL DIRECTORIES Agenda Georgetown, Stanford, Burton Group, iPlanet, Michigan, Minnesota, Maryland, Colorado Edu-Person and Directory of Directories

I2-MI Middleware 2012 Directory Operations It’s Getting Deeper Michael R. Gettes Lead Application Systems Integrator Georgetown University Internet2 Middleware 201

How Deep?
- Site Profile - configuration
- Applications
- General Operational Controls
- Access Lists
- Replication
- Related Directories
- Directory of Directories

Site Profile
- dc=georgetown,dc=edu
- Netscape/iPlanet DS version 4.11
  – 2 Sun E250 dual cpu, 512MB RAM
- 65,000 DNs (25K campus, others = alums + etc)
- Directory + apps implemented in 6 months
- Distinguished names: uid=x,ou=people
  – DC rant? Where is Bob Morgan when you need him?
  – Does UUID in DN really work?
- NSDS pre-op plugin (by
  – Authentication over SSL; Required
  – Can do Kerberos – perf problems to resolve
- 1 supplier, 4 consumers

Applications
- Mail routing with Sendmail 8.10 (lists also)
- Netscape messaging server v 4.15 (IMAP)
  – WebMail profile stored in LDAP
- Apache web server for Netscape roaming
- Apache & Netscape enterprise web servers
- Blackboard CourseInfo enterprise edition
- Whitepages: Directory Server GateWay
- DSGW for priv’d access and maintenance

Applications (Continued)
- Remote access with RADIUS (funk).
  – No SSL or proper LDAP binding (as of 3/2000).
  – Authenticates and authorizes for dial-up, DSL and VPN services using RADIUS called-id.
- Alumni services (HoyasOnline).
  – External vendor in Dallas, TX (PCI).
  – They authenticate back to home directories. Apache used to authenticate and proxy to backend IIS server.
  – Forwarding for Life!

Applications (Continued)
- Specialized support apps
  – Self service mail routing
  – Help Desk: mail routing, password resets, quota management via DSGW
  – Change password web page
- Person registry populates LDAP people data, currently MVS based.
- PerLDAP used quite a bit – very powerful!

Applications (Continued)
- Georgetown Netscape communicator (CCK).
  – Configured for central IMAP/SSL and directory services.
  – Handles versions of profiles. Poor man’s MCD
- Future: more apps! Host DB, Kerberos integration, win2k/ad integration?, Oracle RADIUS integration, Automatic lists, Dynamic/static Groups.

HoyasOnline Architecture
[Diagram; labels: NET ID, TMS, HRIS, SIS, Alumni, LDAP Master, Client Browser, WWW hoyasonline Content, PCI (Dallas), Vendor-provided services, GU Backend Server, GU provided self-service applications, LDAP Slave, OS/390]

General Operational Controls
- Size limit trolling (300 or 20 entries?)
- Lookthru limit (set very low)
- Limit 3 processors for now, MP issues still!
- 100MB footprint, about 8000 DNs in cache
  – Your mileage will vary – follow cache guidelines
- 24x7 operations
- What can users change?? (Very little)
- No write intensive applications

General Ops Controls (cont…)
- Anonymous access allowed
  – Needed for clients
  – Anonymous access is good if you resolve FERPA and other data access issues.

Schema: Design & Maint
- Unified namespace: there can be only one!
- Schema design and maintenance
  – Space/time tradeoffs on indexing
  – Edu-person 0.9 vs. guPerson
  – guRestrict, gu Box, guAffil, guPrimAfil
  – guPWTimebomb, guRadProf, guType, guSSN
  – Relationships (guref)
- Maintained by OC and AT ldif files using ldapmodify

Access Lists: Design & Maint
- Access lists: design & maintenance
  – Buckley (FERPA) protection & services
  – Priv’d users and services
  – userPassword & SSN
- Maintained by file using ldapmodify
- Working on large group controls now at GU
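
The size limit, lookthrough limit, anonymous access and access-list points on the slides above, modeled together as an added Python example (not from the presentation and not Netscape/iPlanet code). The meaning given to guRestrict, the protected attribute set, the lookthrough value of 50 and the sample entries are assumptions constructed for illustration.

```python
# Added example: toy model of the search controls named on the slides.
# Attribute semantics and the lookthrough value are assumptions.
SUCCESS, SIZE_LIMIT_EXCEEDED, ADMIN_LIMIT_EXCEEDED = 0, 4, 11  # LDAP result codes
SIZE_LIMIT = 20          # one of the two values the slide weighs (300 or 20)
LOOKTHROUGH_LIMIT = 50   # constructed stand-in for "set very low"
PROTECTED = {"userPassword", "guSSN"}   # released to privileged binds only


def build_directory(n=200):
    """Constructed sample entries (not real records); every 10th is restricted."""
    return [{"dn": f"uid=user{i:03d},ou=people,dc=georgetown,dc=edu",
             "uid": f"user{i:03d}", "cn": f"Test Person {i}",
             "guRestrict": i % 10 == 0,
             "userPassword": "{SSHA}constructed", "guSSN": f"000-00-{i:04d}"}
            for i in range(n)]


def search(directory, predicate, uid=None, privileged=False):
    """Return (result_code, entries). `uid` models an indexed equality lookup;
    without it the server must walk every entry (an unindexed search)."""
    candidates = [e for e in directory if e["uid"] == uid] if uid else directory
    results = []
    for examined, entry in enumerate(candidates, start=1):
        # Lookthrough limit: bound the work per search, whether or not it matches.
        if not privileged and examined > LOOKTHROUGH_LIMIT:
            return ADMIN_LIMIT_EXCEEDED, results
        # Assumed meaning of guRestrict: hide the whole entry from ordinary binds.
        if entry["guRestrict"] and not privileged:
            continue
        # Evaluate the filter on what the requester may read, so a filter on
        # guSSN or userPassword cannot be used to confirm a guessed value.
        view = {k: v for k, v in entry.items() if privileged or k not in PROTECTED}
        if not predicate(view):
            continue
        if not privileged and len(results) >= SIZE_LIMIT:
            return SIZE_LIMIT_EXCEEDED, results
        results.append(view)
    return SUCCESS, results


if __name__ == "__main__":
    d = build_directory()
    print(search(d, lambda e: True)[0])                       # broad anonymous sweep
    print(search(d, lambda e: True, uid="user005"))           # ordinary whitepages lookup
    print(search(d, lambda e: e.get("guSSN") == "000-00-0005"))  # filter on a protected attribute
```

An anonymous sweep stops at the size limit, a lookup by uid succeeds without the protected attributes, and an anonymous filter on guSSN matches nothing before the lookthrough limit ends the search.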

Data/Replica Structure
[Diagram; labels: MASTER, DUMPER, WHITEPAGES, MAILHOST, POSTOFFICE, NetID Registry, Web Servers, Users]

Replication
- Application/user performance
- Failover, user and app service
- Impact of DC= naming (replica init)
- Monitoring: web page and notification
- Dumper replica – periodic LDIF dumps
- Backups? We don’t need no stinkin’ backups!
  – No good solution for backups

Replication (Continued)
- Application/users config for mult servers
- Deterministic operations vs random
- Failover works for online repairs
- Config servers are replicated also
- 10 to 1 SRA/CRA ratio recommended
- Cannot cascade with DC= (netscape)
  – Cascading is scary to me

Netscape Console
- Java program (FAT client).
- Used to create, configure and monitor Netscape servers.
- Preferred the web page paradigm of the version 3 products.
- Has enough bugs that it is only used by server admins, not for mere mortals.
- Demo???

Other Directories
- Novell – abandoning GroupWise.
- Active directory??? Ugh!!!
- Integrate whitepages service with hospital.

Directory of Directories
- Outgrowth of Georgetown WhitePages problem
- Exposes common schema issues. Edu-person 0.9.
- Performance issues for massively parallel searches.
- Interesting lessons learned about LDAP API.
- Working with iPlanet/Netscape to use DSGW for this project.
- Will it be more than just an experiment?