  • Number of slides: 18

Frank Grewe (fjg@umn.edu)
Office of Information Technology
University of Minnesota

Physical Plant
• 4 different locations
  – 3 production
    • WBOB
    • NTC
    • AHC
  – 1 development/backup
    • Lind Hall

Black Box
• Locked 19” rack
  – 2 fiber pairs configured as 200 MB etherchannel
  – 2 power connections
  – 2 phone lines

Hardware
• Ether Switch
• Terminal Server (2)
• Modems
• SUN Netra T1 (8)
• SUN Netra X1
• Dell 2450
• SUN 420R/A1000
• SUN E450

Services
• Administration/monitoring/security
• Certificate Authority
• X.500 DSA “Repository”
• Directory gateways
• Web services
• Email, etc…
• Active Directory!

Networks
• Private VLAN
• Local (umn.edu)
• Internet

Remote Admin
• Terminal Server connects to console ports (vcon)
• System/application monitoring (mon)
• Security monitoring
• Oncall paging

History
• Vision for universal internet access
  – E-Mail
  – Gopher
  – News
  – Modem Pool
  – Etc
• Directory seen as a lookup mechanism

White Pages
• finger
• whois
• ph
• gopher
• http
• ldap

Fueled Cooperation
• First visible joint project between what was then Academic and Administrative groups
• Directory required data feeds from:
  – Staff Demographic Database
  – Student Records Database
  – Class Registration Database
  – Student Fees Transactions

Directory Changed Processes
• Demand for electronic update
• Mailing lists for classes/departments/etc
• Authentication for modem pool access
• Departmental Systems (IT Labs)
• Buy-in occurs when value is perceived

U Card Services
• Directory is used for card issuing
• Card is associated with X.500 object
• Directory directly queried for authorization

Authorization Services
Student Registration U Card Employees Library Special Privileges Directory Services Access Denied Medical Building Access “Food” Service

Authn/Authz
• radius
• https:
  – un/pw exchange
  – Web cookies
  – UCard
  – DLF
• Batch feeds
• ldaps?

Directory Role
• Authenticates
• Audit Trail
• Authorization varies:
  – None
  – Some
  – All

Data Sources
• Human Resources
• Payroll
• Student Records
• Accounts Receivable
• Coordinate Campuses
• Departments

Data Owners in Control
• Signoff needed to access attributes
• Reviewed yearly
• Benefits:
  – Knowledge of attribute usage
  – Changes transparent to applications