Download presentation
Presentation is loading. Please wait.
Published byTiffany Martha Palmer Modified over 9 years ago
1
PASS Migration – Update V A Retrospective Current Issues Future Directions with Jeff D’Angelo NWOP 2008/08/18
2
PASS Migration – A Retrospective Need arose: Replace DCE/DFS with Kerberos/LDAP/GPFS Replacement authentication & directory services ran in parallel for years PASS Beta launched December 2007 Early migration to new PASS June 2008 Final migration July 3-4 2008
3
PASS Migration – A Retrospective What went well: Completed data migration on time Most critical functionality preserved Internal and external communication processes improved Not so well: 3 rd party software incompatibilities
4
PASS Migration – A Retrospective Major Changes: CIFS/NFS require kerberos Quota behavior Permissions (ACLs) NFSv4 based UNIX system changes php.scripts.psu.edu major changes SSH host key changes (sftp / UNIX) Path changes (e.g. /pass) MIT KDCs: Longer Kerberos ticket lifetimes LDAP schema / attribute usage for PASS http://www.personal.psu.edu/jcd/blogs/NextPass/ 2008/07/pass-migration-complete.html
5
PASS Migration – Current Issues Documentation still in development, e.g.: Mounting NFS Gateway from Mac Known issues KB articles
6
PASS Migration – Current Issues PASS Gateway server issues 32 group limit for CIFS
7
PASS Migration – Current Issues PASS Gateway client issues Windows AD domain w/ dce.psu.edu trust Works automatically Windows (w/o AD) requires for Kerberos: Must specify user User must include domain
8
PASS Migration – Current Issues PASS Gateway client issues Mac OS X Ticket problem while authenticated to AD Leopard’s Finder misinterprets CIFS ACLs Kerberos requirement precludes Tiger NFS NFSv3 requires multiple mounts
9
PASS Migration – Current Issues PASS Gateway client issues Linux mount.cifs has no kerberos support yet NFSv4 performance less than peers Ticket renewal (beyond 14 days) “nfs” service principal required for NFS client
10
PASS Migration – Current Issues PASS Gateway client issues Solaris NFSv4 ls / stat() issue AIX NFS Executable error “Cannot open or remove a file containing a running program”
11
PASS Migration – Current Issues Secure Shell / Secure File Transfer Host key changes sftp.pass.psu.edu, sftp.personal.psul.edu rs6klab.aset.psu.edu Fugu may hang kb.its.psu.edu/psu-all/hd/fuguhangs kb.its.psu.edu/psu-all/hd/fuguhangs
12
PASS Migration – Current Issues Web services www.courses.psu.edu www.courses.psu.edu now uses SSL for all content, WebAccess for protected content PHP content no longer automatic Apache 2: Server Side Includes (SSI) Old MIME type activation no longer supported despite docs PHP users may need to update/remove default.htaccess
13
PASS Migration – FIXED Issues FIXED Issues: PASS Explorer Browse-To list auto groups CIFS READ-ONLY attribute falsely set PHP SQLite2 driver missing Cbs UNIX cluster back after hiatus
14
PASS Migration – New Directions Where are we now? Beta / Early migration systems down: today Fixing / Documenting known issues Web permissions tools further development Add new features to File Permissions Manager Create Web Services based command line tool Mac mount PASS tool update for NFS
15
PASS Migration – New Directions Where are we going? GPFS data redundancy New quota limit – mid semester DCE/DFS shut down December 2008 Enhanced quota system – expected summer 2009 Permissions tools integration (web/file) Kerberized sftp/ssh login Self-serve kerberos keytabs UMG updates
16
PASS Migration Timeline DateMilestoneHow this is definedEstimated ImpactCompleted March 17, 2008 Open Beta period begins Enrollment for the testing environment is announced for all of Penn State. All the current functionality in PASS space is available to the testers. YES May 30, 2008 Begin Internal ITS Migration All Production services are operational. The Pre- tag will remain until the Final Cutover. All ITS Units under /dept/its space YES May 30-June 30, 2008 Open Penn State Early Migration We will offer the option to perform a timely migration in advance before the final move on July 4th. Announcement to ITS staff targeted for mid- May. YES July 3, 5 p.m. Through July 7, 7 a.m. Complete Data Migration, PASS goes read-only for the 3 day weekend DFS is locked into a read- only state. All systems and data remaining in DFS are moved into GPFS. No turning back. All our dependent systems YES December 2008 Decommission DCE/DFS Shut off existing systems. Repurpose Hardware. Plan for next hardware/power issues. Hopefully NoneNo
17
PASS Migration Resources: Kerberos Authentication For Kerberos auth to the Penn State Kerberos realm (dce.psu.edu) for either Mac, Windows or Linux clients. Mac OS X:CLC has documented setting up Kerberos auth on OSX http://clc.its.psu.edu/Labs/Mac/Resources/authdoc/default.aspx http://clc.its.psu.edu/Labs/Mac/help/privatefilespace/macpass.aspx LINUX: For discussion of Kerberos auth and SSO see: https://wikispaces.psu.edu/display/access/Kerberos WINDOWS:For discussion of Kerberos auth and SSO see: https://wikispaces.psu.edu/display/access/Kerberos+on+Windows Note: The registry key that must be installed on the windows clients is called "psuksetup.reg" and is available here: http://aset.its.psu.edu/docs/windows/active_directory/kdcrecords.html
18
PASS Migration Resources: Online Learning Materials Publishing: The Infrastructure at Penn State http://portfolio.psu.edu/files/eportfolio/PASS_blogs_viewlet_swf.html The Files in Your PASS Space: A Guided Tour http://portfolio.psu.edu/files/eportfolio/PASS_tour_viewlet_swf.html Publishing in your Penn State Web Space http://portfolio.psu.edu/files/eportfolio/Publishing_in_PASS.pdf
19
PASS Migration Resources: Online Documentation 1. The MIT Kerberos tools for various OS http://web.mit.edu/Kerberos/dist/index.html 2. New Public Online Documentation for PASS http://its.psu.edu/PASS/ http://its.psu.edu/PASS/ 3. Wikispaces – for Penn State affiliated Faculty and Staff http://wikispaces.psu.edu/display/PASS http://wikispaces.psu.edu/display/PASS 4. Next PASS Blog by Jeff D’Angelo http://www.personal.psu.edu/jcd/blogs/NextPass/ http://www.personal.psu.edu/jcd/blogs/NextPass/
20
Active Directory Update ACCESS.PSU.EDU forest Exchange 2007 support introduced
21
Search Engine Update Upgrade expected Fall 2008 New hardware Out: 1 x GB-5005 In: 2 x GB-1001 New software GSA 4.x -> 5.x
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.