
NDS and The Computing Infrastructure David S. Condrey, Eric Hester, Dan Schmiedt Division of Computing and Information Technology CLEMSON U N I V E R S.


1 NDS and The Computing Infrastructure
David S. Condrey, Eric Hester, Dan Schmiedt
Division of Computing and Information Technology, Clemson University
July 8, 1997

2 Agenda
- Background on Clemson IS
- Mission & Support Structure
- Userid Management
- Network Design
- Server & Network Access
- Public Access Labs
- Printing
- Electronic Mail
- Intranet
- Authentication Server
- Futures

3 Background on Clemson Information Systems

4 Background
- Large systems background.
- Strong development shop.
- Mainframe and open systems expertise.
- Departmental LANs ruled the 90’s until NDS.
- NDS populated in Summer 1995 (36,000).
- Departmental LANs gone. More centralized management of the network.
- NDS is the centerpiece of security and authentication.

5 Mission & Support Structure

6 Mission
- Provide computing infrastructure.
- Empower users and departments.
- Provide guidance in selecting solutions based on industry standards.
- Deploy solutions to meet the needs of institutional computing.
- Provide user support and training.

7 Defining Groups
- Network Services: supports the physical network (routers, hubs, backbone).
- LAN Systems: supports application, group, and personal data servers.
- Client Support Group (CSG): supports faculty and staff via TSPs.
- Systems Integration Group (SIG): supports students and departmental labs.

8 Defining (more) Groups
- Computer Resources: assists with user account problems (DCIT sponsored).
- College Consultants: a DCIT-sponsored person and college-sponsored person(s) who help support the end users of the college.
- Technology Support Provider (TSP): supports faculty/staff end users.
- Help Desk: sponsored by DCIT to assist end users.

9 Support Structure
- Support is based on a four-tier model.
[diagram: four support tiers (1 to 4) between Problems and Resources; labels: Faculty, Staff, Students, TSPs, HelpDesk, College Consultant, Computer Resources, Client Support, Systems Integration, LAN Systems, Network Services]

10 Server Strategy & Management
- Novell and NT servers maintained by the Division of Computing & Information Technology (DCIT).
- DCIT provides hardware and the Network Operating System (NOS).
- DCIT administers backups.
- DCIT performs user administration.
- The group maintains data and security with the help of a Technology Support Provider (TSP).
- Virus protection and software metering.

11 Userid Management

12 Automatic Userid System (AUS)
[diagram: AUS with sources Personnel and Admissions and target systems MVS, Unix, NDS and Other]

13 Automating User Maintenance
[diagram: MVS sources (Personnel, Admissions, Other) feed AUS; present: daily UIMPORT run via FTP; Summer ‘97: USRMAINT.NLM over TCP/IP in real time; operations against NDS: Add Users, Modify User Attributes, Delete Users]

14 Network Design

15 Physical Network Design
[diagram: servers on a 100BT switch, FDDI backbone, T1 link]

16 Tree Design

17 Every Person Has a Place

18 Every Group Has a Place

19 Partition Design

20 Use Dedicated “ROOT” Servers for NDS Replicas
[diagram: CU_ROOT_1, CU_ROOT_2 (ITC) and CU_ROOT_3 connected by a 100BT switch and FDDI; replica roles shown: Master for all, R/W for all, R/W for users “A” to “Z”; Group Server holds an optional R/W replica]

21 Distribute Network Management

22 Login Script Design
- Based on Profile scripts and User scripts.
- No container scripts.
- Use base profiles: (EMPLOYEE, STUDENT).
- Base profile includes high-level organizational scripts based on membership.
- Organizational scripts controlled by TSPs.
- Organization scripts may include departmental scripts managed by others.

23 Script Design & Management
[diagram: User Script calling profile scripts .EMPLOYEE.employee.clemsonu, .GROUPIFS.employee.clemsonu, .ENG.ces.clemsonu, .BioE.ces., .AG.cafls.clemsonu, .Forestry.cafls., .Civil.ces., ISALAB]

24 Server Time Sync Hierarchy
[diagram: External Source → Server C (Reference); Server A and Server B (Primary); Server D and Server E (Secondary)]

25 Server and Network Resource Access

26 Personal Storage (User Data Servers)
[diagram: StudentD serves any student from Dorm, Lab, or DialUp; EmployeD serves any faculty or staff member from Office, Lab, or DialUp]

27 Personal Data Server Configuration

28 Collaborative Storage - “Group Servers” (Faculty & Staff)
[diagram: Group Server1 and Group Server2 alongside EmployeD]

29 Collaborative Storage - “App Servers” (Students)
[diagram: StudentD and Applications Server(N)]

30 Group/App/Root Server Average Configuration

31 Collaborative Storage (Faculty and Students)
[diagram: App Server, EmployeD, Group Server1, StudentD]

32 Public Access Labs

33 DCIT Public Access Labs
- For everyone (not just students).
- Consist of Mac and PC workstations.
- Every user has a virtual “personal PC”.
- All labs are identical to the user.
- Each lab has an “application server”.
- General-purpose apps supplied by DCIT.
- DCIT installs and administers applications for departments.

34 Departmental Labs
- Marry DCIT’s public lab framework with the specialized needs of a department lab.
- Space and workstations provided by the department.
- Maintained by the department and SIG.
- Allow the user access to the “lab” from anywhere.

35 Supported Operating Systems in Public Labs
- Macintosh (System 7.6)
- Windows 3.11
- Windows 95

36 Macintosh Lab Operation
- System 7.6 boots normally.
- “Assimilator” is launched from the startup items to ensure drive integrity.
- Custom contextless login program is launched.
- The user logs out, returning the machine to the login program.

37 The Assimilator
[diagram: AppleShare FileServer holding a Workstation Disk Image and Applications; Lab 1 Macintosh Workstation]
- Appleshare File Servers contain an image of a “perfect” workstation drive.
- Assimilator is not currently NDS aware, so images are currently stored on Macintosh Appleshare fileservers.
- The Assimilator performs a comparison of the local drive to this “perfect” image.
- The Assimilator then copies missing files, replaces modified files, and removes extraneous files.

38 Macintosh Contextless Login
- The program not only provides contextless login, but also mounts the user’s home directory on the desktop.
- We are currently on our second revision. The first revision was written in C++ using only the NWSDK.
- The second revision now uses AppleScript by means of Eric Bratton’s NDS OSAX scripting additions, allowing much more flexibility.

39 Windows 3.11 Lab Workstation Operation
- Workstation boots and goes through the “Isitcool” process.
- Workstation runs “The Conformist” to ensure integrity.
- Workstation loads “MiniWin” with the custom contextless login program.
- After the user logs in, the user’s own copy of Windows is launched.
- All settings are saved at Windows exit and the user logs out, returning the station to the login program.

40 Isitcool - Fail-over Applications Server Attachment
[diagram: Lab 1 workstation with Workstation Disk Image and Applications; Applications Server(1), Server(2) … Server(n), each running the ISITCOOL NLM and answering “Isitcool? YES!/NO!”]
1. Using IP, get info from the primary app server’s ISITCOOL.
2. If the attach fails or ISITCOOL reports no, try the next server.
3. Attach to the server using the Netware client.

41 The Conformist
[diagram: Applications Server(1) with ISITCOOL NLM, Workstation Disk Image and Applications; Lab 1 workstation]
- Written by Clemson to duplicate the functionality of Assimilator on the Macintosh.
- All application servers contain an image of a “perfect” workstation drive.
- The Conformist performs a comparison of the local drive to this “perfect” image.
- The Conformist then copies missing files, replaces modified files, and removes extraneous files.
- The Conformist can also allow for slight variations between workstations via its configuration file, based on environment variables.
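The reconcile step the Assimilator and Conformist slides describe (copy missing, replace modified, remove extraneous, with the Conformist's environment-variable exceptions), as an added illustration that is not Clemson's tool: it works on two constructed path-to-hash manifests instead of a real disk image, and the `VARIATIONS` rule table is an assumed stand-in for the Conformist configuration file.

```python
"""Drive-integrity reconciliation in the style of Assimilator / The Conformist.
Added illustration, not Clemson's tool: it compares two manifests
(relative path -> SHA-256 of content) instead of a real disk image, so it runs
offline.  The per-machine variation table is a constructed stand-in for the
Conformist's configuration file keyed on environment variables."""
import hashlib
import os
from typing import Dict, List, Optional


def manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Relative path -> content hash; a real tool would walk the drive/image."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def plan_actions(image: Dict[str, str], local: Dict[str, str],
                 variations: Dict[str, str], env: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the local drive to the 'perfect' image and decide what to do.
    variations maps a path to an environment variable; when that variable is
    set on this machine the path may differ from the image (or exist only
    locally) without being touched."""
    exempt = {path for path, var in variations.items() if env.get(var)}
    copy = sorted(p for p in image if p not in local)
    replace = sorted(p for p in image if p in local and local[p] != image[p] and p not in exempt)
    remove = sorted(p for p in local if p not in image and p not in exempt)
    return {"copy": copy, "replace": replace, "remove": remove}


# Constructed sample data (not real image contents).
PERFECT_IMAGE = manifest({
    "WINDOWS/WIN.COM": b"winfile-v1",
    "WINDOWS/SYSTEM/KRNL386.EXE": b"kernel-v1",
    "NET/LOGIN.EXE": b"login-v1",
    "CONFIG/LAB.INI": b"lab1",
})
LOCAL_DRIVE = manifest({
    "WINDOWS/WIN.COM": b"winfile-v1",                 # intact
    "WINDOWS/SYSTEM/KRNL386.EXE": b"kernel-altered",  # modified -> replace
    "CONFIG/LAB.INI": b"lab2",                        # per-lab variation
    "GAMES/EXTRA.EXE": b"not-ours",                   # extraneous -> remove
    "WINDOWS/TEMP/SCRATCH.TMP": b"junk",              # extraneous -> remove
})                                                    # NET/LOGIN.EXE missing -> copy
VARIATIONS = {"CONFIG/LAB.INI": "LABNAME"}   # LABNAME set => LAB.INI may differ


def conform(env: Optional[Dict[str, str]] = None) -> Dict[str, List[str]]:
    """Plan for this workstation; defaults to the real environment."""
    return plan_actions(PERFECT_IMAGE, LOCAL_DRIVE, VARIATIONS,
                        dict(os.environ) if env is None else env)


if __name__ == "__main__":
    for action, paths in conform({"LABNAME": "LAB2"}).items():
        print(f"{action:8}{paths}")
```

Without `LABNAME` set, `CONFIG/LAB.INI` is treated like any other drifted file and scheduled for replacement.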

42 Contextless login program
- Runs under a scaled-down version of Windows 3.11 we call “MiniWin”, consisting only of vital 3.11 files (approx. 2–3 MB).
- When the userid and password are entered and the user presses “login”, we search for the userid in the three user containers and log that user in if found.
- Once logged in, the login script is processed into a batch file, which is then executed on the close of “MiniWin”.

43 Windows 3.11 Virtual PC
- We use a shared network installation in reverse.
- Windows executables, DLLs, etc. are stored on the local drive.
- User settings and data are stored on the network in the user’s home directory.
- Machine-specific settings are modified at login based on location and machine type in use.

44 Windows 95 Lab Workstation Operation
- Workstation boots Windows 95 normally.
- SFLogin is loaded for contextless login.
- Isitcool is run to select an available app server.
- Roaming profile is loaded to provide the virtual PC.
- User logs out and all settings are saved to the profile.
- PCRDist is run to ensure drive integrity.
- System returns to SFLogin.

45 SFLogin
- Purchased from Netoria, Inc.
- Performs a contextless login similar to the Windows 3.11 solution.
- SFLogin was selected because of its tight integration with Client32.
- Currently searches the ENTIRE tree for the userid. Netoria is working on a search filter feature for us.

46 Windows 95 Roaming Profiles
- We use standard Windows 95 profiles with a few slight modifications.
- Using registry keys, use of the Netware home directory for roaming profiles is disabled.
- The local path for the profile is then made to point back to their Netware home directory.

47 Windows 95 Roaming Profiles
- The final result is that Windows 95 believes the copy of their profile is local.
- It is therefore not copied at login and logout, saving time and network bandwidth.

48 PCRDist
- Purchased from Pyzzo Software.
- Maintains workstation hard drives in a similar manner to “The Conformist.”
- Also performs the same image comparison function on the registry.

49 Printing

50 Printing Strategy
- All shared printers are network attached, supporting only the IPX protocol (HP JetDirect).
- All printer access is controlled through NDS print queues.
- Unix Print Services makes any print queue available to Unix/MVS/??? hosts using the standard LPR/LPD protocols.
- Unix Print Services also makes the high-speed institutional printers on MVS available to both Netware and Unix users/applications.

51 NDS Design for Printing

52 Electronic Mail

53 Electronic Mail Server:
- Based on Sun Solaris.
- No user accounts required on Solaris.
- Server software developed at Clemson.
- Multiple recipients / one copy of message.
- Server based on POP/MIME Internet standard protocols. IMAP4 coming?
- Eudora site license purchased by DCIT.
- Listserver gaining widespread acceptance and use. Class/section lists automated.

54 Mail Server
[diagram: POP clients (POPc) on DOS, mainframe, Windows, Mac, UNIX, OS/2 and others connect to popD and ListD on the Mail Server]

55 Mail Server: Statistics

Category                                 | 1995 | 1996 | 1997*
Daily Average POP Connections            | 14k  | 46k  | 85k
Daily Average Msgs Retrieved from Server | 13k  | 36k  | 62k
Average Msgs Sent using Server per day   | 27k  | 48k  | 92k

*based on partial year statistics through May 26, 1997.

56 Automated Distribution Lists
[diagram: ListMGR on MVS OS/390 feeds ListD on the Mail Server over TCP/IP with Class, Roles and Departments lists]

57 Automated NDS Group Membership
[diagram: ListMGR on MVS OS/390 feeds both ListD on the Mail Server and the GroupMGR NLM in NDS over TCP/IP with Class, Roles and Departments lists]

58 Student Interface to Collaborative Storage
- Use DMOs along with a graphical tool to have users select and map network resources to make them available.

59 Managing Distribution Lists with NDS
[diagram: GroupMGR.NLM monitors NDS group membership modifications via RegisterForEvent() and passes them over TCP/IP to ListD on the Mail Server; attributes tracked: 1. Membership, 2. See Also]

60 NDS Interface to the List Server
- Enabler for collaborative work between faculty and students.
- Uses data from the employee system on MVS to keep department NDS groups correct.
- Lets users use NWAdmin to administer e-mail lists.
- Eliminates the need to make changes to both NDS and the list server.
- Ensures that data is correct everywhere.

61 Intranet

62 WEB Serving
- Institutional Servers
- Department or Group Servers
- Organizational Page Servers
- Personal Page Servers
- Administrative and Student Application Page Servers

63 NDS web Security via NT/Unix/?

64 Authentication Server

65 Authentication Server
- Too many userid/password combinations for each user to remember.
- Need a central set of secure servers that all systems use for authentication.
- Clemson University Personal ID (CUPID).
- Based on the Automatic Userid System (AUS).
- Idea born in an interdepartmental task force.
- Production on July 1, 1996.

66 Authentication Server
[diagram: authC clients on MAIL, WEB, mainframe, Unix, Netware, Sun, NT and Oracle all talk to the Authentication Server]

67 [diagram: AUTHSERV.NLM runs on IntranetWare Servers A, B and C with NDS; AuthClients on the Mainframe (MVS: VTAM, RACF, Onlines), MAIL (Solaris: POPd), NT Server 4.0 (Website application) and Linux (Apache application); the user workstation (‘95/Mac/NT Workstation) runs Eudora, TN3270, Netscape and Login.exe]

68 Authentication Server
- NLM is multithreaded.
- Clients use a common code base.
- Clients have built-in failover capability.
- Communication based on TCP/IP sockets.
- >90% of successful password checks complete in less than 0.1 seconds.
- >2 million requests serviced by the primary server over a 6-week period (50,000/day).

69 (Back to) Intranet

70 NDS Authentication through NT/Unix/other To the WEB?
Application: Employee Info System (EIS); Type: WEB Server; OS: Windows NT 4.0 Server; Enabling App: Website/Visual Basic

71 Using NDS Security Across the Intranet
[diagram: an authenticated client sends a page request to the NT 4.0 server (Netscape/IIS with a 32-bit Auth Client DLL); the server calls CheckEquiv on the AUTHSERV NLM, which locates the user object in NDS and runs the security equivalence list]

72 AUTHSERV Client Functions
- Password Check
- Password Change
- Resolve to Fully Distinguished Name
- Check Security Equivalence
- Return Group Membership
- Misc. Administrative Functions

73 Authentication Server as an NDS Data Gateway
Application: Call Tracking System; Type: WEB Server; OS: Windows NT 4.0 Server; Enabling App: Website/Visual Basic
[screenshot: assignee pick-list of names from the Call Tracking System]

74 Caldera OpenLinux and Apache
[diagram: Browser → Caldera OpenLinux with AuthC → AuthServer and Netware File Servers]
- WEB gateway to the Netware File System.

75 Caldera OpenLinux and Apache
- Our first attempt to provide web services via Novell made use of Novell’s IntranetWare Web Server 1.0, which simply was not reliable.
- Caldera OpenLinux provided robust Unix connectivity to NDS and supported the industry-standard Apache web server.
- Out of the box, Caldera/Apache did not provide home directory redirection and/or authentication. It did, however, provide the source code needed to make these modifications.

76 Caldera OpenLinux and Apache Modifications
- Added a module that links Apache’s UserDir directive to the user’s Novell home directory.
- Makes http://www.clemson.edu/~erich point to EMPLOYED/USR02:\USERS\U20\ERICH\PUBLIC.WWW
- Since Caldera is NDS aware, this also allows us to serve group web sites via their own group servers.

77 Web Interface to Home Directories via Authserv NDS Gateway
Application: Personal Pages; Type: WEB Server; OS: Linux Server; Enabling App: Apache/Caldera
Example: http://www.clemson.edu/~acollin

78 Web Interface to Department Pages
Application: Departmental Pages; Type: WEB Server; OS: Linux Server; Enabling App: Apache/Caldera
Example: http://dcitnds.clemson.edu/CSO/depts/maint

79 Caldera OpenLinux and Apache Modifications
- Added another module using the previously mentioned Authentication Server routines to provide both user and group authentication.
- Makes use of the standard HTACCESS format with additional Novell directives.

80 Using NDS to Secure Web Pages

    NovellAuth on
    AuthName Novell Tree
    AuthType Basic
    require user gmcochr
    require user kellen
    require group .resadmin.groups.employee.clemsonu
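How the require lines above are decided, given the AUTHSERV client functions on the earlier slide (resolve userid to a fully distinguished name, check security equivalence) and the three-container contextless search: an added example, not Clemson's Apache module or AUTHSERV. The in-memory `DIRECTORY`, the user container list and the choice to refuse an ambiguous userid are constructed assumptions.

```python
"""Authorization for the NovellAuth-style require lines on the slide, against
a tiny in-memory directory.  Added example, not Clemson's Apache module or
AUTHSERV: the directory, the contextless search over user containers and the
security-equivalence lookup are constructed to mirror the AUTHSERV functions."""
from typing import Dict, List, Optional, Set, Tuple

# Constructed directory: FDN -> objects the user is security-equivalent to.
# Leading dot marks a fully distinguished name, as on the slide.
DIRECTORY: Dict[str, Set[str]] = {
    ".gmcochr.employee.clemsonu": {".resadmin.groups.employee.clemsonu"},
    ".kellen.student.clemsonu": set(),
    ".sysop.employee.clemsonu": {".resadmin.groups.employee.clemsonu"},
    ".erich.employee.clemsonu": {".lansys.groups.employee.clemsonu"},
    ".jdoe.employee.clemsonu": set(),
    ".jdoe.student.clemsonu": set(),     # same userid in two containers
}
USER_CONTAINERS = [".employee.clemsonu", ".student.clemsonu", ".guest.clemsonu"]

# The access file from the slide (spacing restored).
HTACCESS = """NovellAuth on
AuthName Novell Tree
AuthType Basic
require user gmcochr
require user kellen
require group .resadmin.groups.employee.clemsonu
"""


def resolve_fdn(userid: str) -> Optional[str]:
    """Contextless login: search the user containers in order.  Refusing an
    ambiguous userid (found in two containers) is this example's choice."""
    hits = [f".{userid}{c}" for c in USER_CONTAINERS if f".{userid}{c}" in DIRECTORY]
    return hits[0] if len(hits) == 1 else None


def check_equiv(fdn: str, target: str) -> bool:
    """Check Security Equivalence: the object itself or its equivalence list."""
    return fdn == target or target in DIRECTORY.get(fdn, set())


def parse_requires(text: str) -> List[Tuple[str, str]]:
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "require" and parts[1] in ("user", "group"):
            rules.append((parts[1], parts[2]))
    return rules


def authorize(userid: str, htaccess: str) -> bool:
    """Apache semantics: access is granted if any require line is satisfied."""
    fdn = resolve_fdn(userid)
    if fdn is None:
        return False
    common_name = fdn.split(".")[1]
    return any((kind == "user" and common_name == name) or
               (kind == "group" and check_equiv(fdn, name))
               for kind, name in parse_requires(htaccess))
```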

81 Futures

82 WebAuth: Web Single Signon
[diagram: Web Browser 1 and Web Browser 2 on the Workstation; the DCIT Authentication WebServer (WebAuth Trusted Client, Auth Client) and a 3rd Party WebServer (WebAuth Client) both talk to the WebAuth NLM and AuthServ NLM backed by NDS; operations STORE and CHECK; Redirect]
- Only trusted web servers prompt for userid and password and set the cookie in the browser.
- Other web servers must use the cookie to determine the user.
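The STORE/CHECK split on the WebAuth slide, as an added example that is not Clemson's WebAuth NLM: a trusted client exchanges a verified password for an unguessable cookie token held server-side, and any other web server can only look the token up. The token format, the lifetime and the stand-in password check in `run_demo` are assumptions.

```python
"""Single sign-on ticket store shaped like the WebAuth slide: only the trusted
authentication web server turns a userid/password into a cookie (STORE); any
other web server presents the cookie to learn who the user is (CHECK).  Added
example, not Clemson's WebAuth NLM; token format and lifetime are assumptions."""
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

TICKET_LIFETIME = 8 * 3600      # seconds; assumed lifetime of a cookie


class WebAuthStore:
    def __init__(self, password_check: Callable[[str, str], Optional[str]],
                 now: Callable[[], float] = time.time):
        self._check_password = password_check   # stand-in for the AuthServ call
        self._now = now
        self._tickets: Dict[str, Tuple[str, float]] = {}   # token -> (fdn, expiry)

    def store(self, userid: str, password: str, trusted_client: bool) -> Optional[str]:
        """STORE: only a trusted client may exchange a password for a ticket."""
        if not trusted_client:
            return None
        fdn = self._check_password(userid, password)
        if fdn is None:
            return None
        token = secrets.token_urlsafe(32)    # unguessable cookie value
        self._tickets[token] = (fdn, self._now() + TICKET_LIFETIME)
        return token

    def check(self, token: str) -> Optional[str]:
        """CHECK: map a presented cookie back to the user's FDN, or None."""
        entry = self._tickets.get(token)
        if entry is None:
            return None
        fdn, expiry = entry
        if self._now() >= expiry:
            self._tickets.pop(token)         # expired tickets are forgotten
            return None
        return fdn


def run_demo() -> Dict[str, Optional[str]]:
    """Walk through the flow with a fake clock; returns the observed outcomes."""
    clock = [1000.0]
    # Constructed stand-in for AUTHSERV's password check: (userid, password) -> FDN.
    creds = {("erich", "correct horse"): ".erich.employee.clemsonu"}
    sso = WebAuthStore(lambda u, p: creds.get((u, p)), now=lambda: clock[0])
    out = {"untrusted": sso.store("erich", "correct horse", False),
           "bad_password": sso.store("erich", "wrong", True)}
    token = sso.store("erich", "correct horse", True)
    out["fresh"] = sso.check(token)
    out["forged"] = sso.check("not-a-real-token")
    clock[0] += TICKET_LIFETIME + 1
    out["expired"] = sso.check(token)
    return out
```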

83 Auditing NDS Connections
- Have not had much luck with standard auditing in 4.x.
- Hook login/logout in AUDITLGN.NLM.
- Writes easy-to-manipulate log files.
- Data logged includes fully distinguished object name, login time, logout time, and MAC address.
- Monitor file server and print server as well as user connections.
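What a defender can pull out of log records with exactly the four fields the slide lists, as an added example that is not the Clemson AUDITLGN.NLM: the tab-separated layout and the sample records are constructed, since the slide names the fields but not the format.

```python
"""Parse constructed AUDITLGN-style connection records and flag what a
defender would look at: one object seen from several MAC addresses, two
sessions of the same object open at once from different MACs, and sessions
that never logged out.  Added example; the record layout is an assumption."""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed sample log: object FDN, login time, logout time ('-' = still
# connected), MAC address.  Includes a file server connection, as the slide says.
SAMPLE_LOG = """\
.erich.employee.clemsonu\t1997-07-08 08:02:11\t1997-07-08 17:10:03\t00-00-C0-1A-2B-3C
.kellen.student.clemsonu\t1997-07-08 09:15:40\t1997-07-08 10:01:12\t00-00-C0-4D-5E-6F
.kellen.student.clemsonu\t1997-07-08 09:20:05\t-\t00-00-c0-77-88-99
.FS_LAB1.servers.clemsonu\t1997-07-08 00:00:01\t-\t00-00-C0-AA-BB-CC
.erich.employee.clemsonu\t1997-07-08 18:30:00\t-\t00-00-C0-1A-2B-3C
"""
TIME_FMT = "%Y-%m-%d %H:%M:%S"


def parse_records(text: str) -> List[dict]:
    records = []
    for line in text.splitlines():
        fdn, login, logout, mac = line.split("\t")
        records.append({"fdn": fdn,
                        "login": datetime.strptime(login, TIME_FMT),
                        "logout": None if logout == "-" else datetime.strptime(logout, TIME_FMT),
                        "mac": mac.upper()})   # normalise case before comparing
    return records


def multi_mac_objects(records: List[dict]) -> Dict[str, List[str]]:
    """Objects seen from more than one MAC address (expected for roaming users,
    never for a file or print server)."""
    macs = defaultdict(set)
    for r in records:
        macs[r["fdn"]].add(r["mac"])
    return {fdn: sorted(m) for fdn, m in macs.items() if len(m) > 1}


def concurrent_sessions(records: List[dict]) -> List[str]:
    """Objects with two sessions open at the same time from different MACs."""
    by_fdn = defaultdict(list)
    for r in records:
        by_fdn[r["fdn"]].append(r)
    flagged = set()
    for fdn, sessions in by_fdn.items():
        sessions.sort(key=lambda r: r["login"])
        for i, a in enumerate(sessions):
            for b in sessions[i + 1:]:
                overlaps = a["logout"] is None or b["login"] < a["logout"]
                if overlaps and a["mac"] != b["mac"]:
                    flagged.add(fdn)
    return sorted(flagged)


def never_logged_out(records: List[dict]) -> List[str]:
    return sorted(r["fdn"] for r in records if r["logout"] is None)
```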

84 Dialin
- Mostly rely on a contract between users and ISPs for dialin access (Campus-MCI).
- Some PPP connectivity through a Livingston server with Radius modified to use NDS via the Authentication Server.
- Attempting to get Netware/IP deployed this summer for file server connectivity via PPP.
- Starting to deploy DHCP for dialin and dorm usage only.

85 Server Growth
- Split user data servers (i.e. StudentD1 and StudentD2).
- Common access server for both students and faculty/staff (scratch disk).
- Develop tools for user disk cleanup.
- Develop more tools to help end users get more out of NDS and the network in general.

86 What We Need
- Web interface to unresolved as well as resolved issues at Novell.
- More out of SMP.
- NDS on NT (no replicas required).
- Help from Novell on resolving “NT Server” marketing-through-documentation issues.
- Code exits in Novell products such as Client32, Radius, FTP server, Web server.
- Good performance monitoring (SMP) tools.

87 That’s It! (that’s enough..) people.clemson.edu/groups/lansystems

