Published by Dominick Donald Hall. Modified over 9 years ago.
1
I2-MI Middleware 201
CSG WORKSHOP OPERATIONAL AND DYS-FUNCTIONAL DIRECTORIES
Agenda
Georgetown, Stanford, Burton Group, iPlanet, Michigan, Minnesota, Maryland, Colorado
Edu-Person and Directory of Directories
2
Directory Operations
It’s Getting Deeper
Michael R. Gettes
Lead Application Systems Integrator
Georgetown University
gettes@Georgetown.EDU
Internet2 Middleware 201
3
How Deep?
Site Profile - configuration
Applications
General Operational Controls
Access Lists
Replication
Related Directories
Directory of Directories
4
Site Profile
dc=georgetown,dc=edu
Netscape/iPlanet DS version 4.11
  – 2 Sun E250 dual cpu, 512MB RAM
65,000 DNs (25K campus, others = alums + etc)
Directory + apps implemented in 6 months
Distinguished names: uid=x,ou=people
  – DC rant? Where is Bob Morgan when you need him?
  – Does UUID in DN really work?
NSDS pre-op plugin (by gettes@Princeton.EDU)
  – Authentication over SSL; Required
  – Can do Kerberos – perf problems to resolve
1 supplier, 4 consumers
5
Applications
Mail routing with Sendmail 8.10 (lists also)
Netscape messaging server v 4.15 (IMAP)
  – WebMail profile stored in LDAP
Apache web server for Netscape roaming
Apache & Netscape enterprise web servers
Blackboard CourseInfo enterprise edition
Whitepages: Directory Server GateWay
DSGW for priv’d access and maintenance
6
Applications (Continued)
Remote access with RADIUS (funk).
  – No SSL or proper LDAP binding (as of 3/2000).
  – Authenticates and authorizes for dial-up, DSL and VPN services using RADIUS called-id.
Alumni services (HoyasOnline).
  – External vendor in Dallas, TX (PCI).
  – They authenticate back to home directories. Apache used to authenticate and proxy to backend IIS server.
  – Email Forwarding for Life!
7
Applications (Continued)
Specialized support apps
  – Self service mail routing
  – Help Desk: mail routing, password resets, quota management via DSGW
  – Change password web page
Person registry populates LDAP people data, currently MVS based.
PerLDAP used quite a bit – very powerful!
8
Applications (Continued)
Georgetown Netscape communicator (CCK).
  – Configured for central IMAP/SSL and directory services.
  – Handles versions of profiles. Poor man’s MCD
Future: more apps! Host DB, Kerberos integration, win2k/ad integration?, Oracle RADIUS integration, Automatic lists, Dynamic/static Groups.
9
HoyasOnline Architecture
[Diagram. Labels: NET ID, TMS, HRIS, SIS, Alumni, OS/390, LDAP Master, LDAP Slave, Client Browser, WWW hoyasonline, Content, PCI (Dallas), Vendor-provided services, GU Backend Server, GU provided self-service applications]
10
General Operational Controls
Size limit trolling (300 or 20 entries?)
Lookthru limit (set very low)
Limit 3 processors for now, MP issues still!
100MB footprint, about 8000 DNs in cache
  – Your mileage will vary – follow cache guidelines
24x7 operations
What can users change?? (Very little)
No write intensive applications
11
General Ops Controls (cont…)
Anonymous access allowed
  – Needed for email clients
  – Anonymous access is good if you resolve FERPA and other data access issues.
12
Schema: Design & Maint
Unified namespace: there can be only one!
Schema design and maintenance
  – Space/time tradeoffs on indexing
  – Edu-person 0.9 vs. guPerson
  – guRestrict, guEmailBox, guAffil, guPrimAfil
  – guPWTimebomb, guRadProf, guType, guSSN
  – Relationships (guref)
Maintained by OC and AT ldif files using ldapmodify
13
Access Lists: Design & Maint
Access lists: design & maintenance
  – Buckley (FERPA) protection & services
  – Priv’d users and services
  – userPassword & SSN
Maintained by file using ldapmodify
Working on large group controls now at GU
14
Data/Replica Structure
[Diagram. Labels: MASTER, DUMPER, WHITEPAGES, MAILHOST, POSTOFFICE, NetID Registry, Web Servers, Users]
15
Replication
Application/user performance
Failover, user and app service
Impact of DC= naming (replica init)
Monitoring: web page and notification
Dumper replica – periodic LDIF dumps
Backups? We don’t need no stinkin’ backups!
  – No good solution for backups
16
Replication (Continued)
Application/users config for mult servers
Deterministic operations vs random
Failover works for online repairs
Config servers are replicated also
10 to 1 SRA/CRA ratio recommended
Cannot cascade with DC= (netscape)
  – Cascading is scary to me
17
Netscape Console
Java program (FAT client).
Used to create, configure and monitor Netscape servers.
Preferred the web page paradigm of the version 3 products.
Has enough bugs that it is only used by server admins, not for mere mortals.
Demo???
18
Other Directories
Novell – abandoning GroupWise.
Active directory??? Ugh!!!
Integrate whitepages service with hospital.
19
Directory of Directories
Outgrowth of Georgetown WhitePages problem
Exposes common schema issues. Edu-person 0.9.
Performance issues for massively parallel searches.
Interesting lessons learned about LDAP API.
Working with iPlanet/Netscape to use DSGW for this project.
Will it be more than just an experiment?