
Post on 13-Jan-2016


Douglas Ouzts, Condrey Consulting Corporation, douzts@condreyconsulting.com

Identity Based Storage Management

Novell File System Factory

2

The one Net vision

Novell Nsure solutions take identity management to a whole new level. Novell Nsure gives you the power to control access so you can confidently deliver the right resources to the right people — securely, efficiently, and best of all, affordably.

[Diagram: Novell exteNd™, Novell Nsure™, Novell Nterprise™, Novell Ngage℠]

3

one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions.

The one Net vision

[Diagram: Novell exteNd™, Novell Nsure™, Novell Nterprise™, Novell Ngage℠]

4

Agenda

• Introduction to Condrey Consulting Corporation

• Identity Based Storage Management

• File System Factory Overview

• File System Factory Technical Components

• IUAdmin - Web Based Access and Management

• AuditLogin – Who’s Accessing Storage

• TrustFun – File Rights & Trustee Analysis

• Live Demo

• Q&A

5

Condrey Consulting Corporation: Company Overview

• David Condrey – Owner and CEO

• US Software Engineering Corporation based in Greenville, SC

• Customers in 33 countries representing Commercial, Fortune 1000, State & Federal Government, Military, Healthcare, Higher-Ed and K12

• Well known and respected by customers, especially in the academic market

• Well known at Novell – Model Partner

• Invested in the future of Novell

6

Condrey Consulting Products Overview

• Novell File System Factory™ – Novell Nsure - Novell Price List

• Identity Based Storage Management

• Ties Provisioning to the NetWare OS – Event Driven and Policy Based

• Lifecycle Content and Data Management

• IUAdmin™

• Policy Based Personal and Collaborative Storage Access

– Integrates with File System Factory™

– Integrates with exteNd Portal, Virtual Office and iChain

• Web Based Access to Personal and Group Content

• Web Based Help Desk Administration

• Web Based User Self-Service and Password Reset

• AuditLogin™ and TrustFun

• Who’s Accessing Storage and What Rights Do They Have?

- Login/Logout - Date, Time, Workstation

- Trend Reports and Graphs

- File and Directory Rights Analysis

7

File System Factory Education Customers

• University of Kentucky – 43,000 users

• Northern Illinois University – 67,000 users

• Minnesota State Colleges & Universities – 93,000 users

• Charleston County Schools, SC – 42,000 users

• University of Georgia – 60,000 users

• Embry Riddle University – 12,000 users

• Hemet School District, Los Angeles

• Grand Rapids Community College

• Savannah Chatham County Schools, Georgia

• Douglas County Schools, Georgia

• Newton County Schools, Georgia

8

More File System Education Customers

•Northwestern Michigan University

•Old Dominion University

•Madison Area Technical College

•Waukesha County Technical College

•Blackhawk PA School District

•Marysville Village Schools

•Spearfish School District

•Maine Township High School District

•Waubonsee Community College

•Western Illinois University

•Escondido Union High School District

•Sutton Public Schools

•Ramaz School

•Augsburg College

•Southwestern Community District No. 9

•Le Moyne College

•Macon County R-1

•Grant MacEwan College

•Clemson University

•Community Consolidated School District – Illinois

9

Sample of Education Customers Leveraging File System Factory, IUAdmin and AuditLogin

Identity Based Storage Management

11

The Challenge

Do you give all your users home directories?

• If you do, how do you manage the disk space?

• Do you evenly distribute the disk space? Criteria?

• How do you manage growth?

If you do give your users home directories, how do you clean them up? How extensible is it?

Do you give ALL your groups of users collaborative storage space?

• Business: All working groups?

• Education: All sections of all classes?

• Do you evenly distribute the disk space?

• How do you manage growth? Cleanup?

12

Creating and Managing eDirectory® Objects

[Diagram labels: Datafile, Datafile, LDIF, App; LDAP, UIMPORT, Custom or 3rd Party; eDirectory; PS, IDM]

File System Factory: Philosophy and Mission

14

A New Philosophy

Point your tree… …at your disk… …and be done with it.

15

Mission #1

Automatic disk space for ALL Users!

16

Mission #2

Automatic disk space for EACH Work Group!

17

Solution

Yeah, we can do that…

We create it, manage it, and most importantly… clean it up!

18

Solution

All you have to do is create the objects… …any way you want… …we’ll handle the rest!

What is File System Factory?

20

Identity-Based Storage Management

[Diagram: FSF alongside NetWare, eDirectory, BorderManager, ZENworks for Desktops, NetMail, Identity Mgr drivers for PeopleSoft and AD, Active Directory, LINUX and PeopleSoft]

• Policy Based, Event-Driven

• Control it with ZENworks® like policies.

• Load balancing

• Storage creation

• Storage management

• Storage cleanup

• Personal user storage

• Group storage

21

Novell File System Factory Overview

Automatic NetWare® storage which provides access from Windows, Mac, UNIX, and the Web.

Relieves disk management headaches.

All Namespaces

Traditional and Novell Storage Services™ (NSS) supported

Built on procedures proven in “real world” environments.

Load balancing.

Automated policy based data Migration between servers

Cleanup (everybody’s pain point) is now automated based on policy.

Executive and Administrative Dashboard

Employee Data Manager (Workflow)

Web Based Quota Manager

Web Based File System Rights Analysis

22

File System Factory: Storage Management based on Policy and Events

[Diagram: objects are provisioned and managed in eDirectory through LDAP, ConsoleOne, NWAdmin, iManager, Identity Mgr, UIMPORT, LDIF, DirXML 1.x and custom/3rd-party tools; File System Factory acts on the resulting events according to policy]

You Create and Manage objects any way you want, FSF will handle the file system.

Move to modern provisioning technology without worrying about file storage.

Use multiple account provisioning methods concurrently without worrying about file storage.

Move to newer tools and let policy govern storage management instead of helpdesk or local admins.

23

Coming up Next: File System Factory for Microsoft Active Directory and Linux

24

Provision and De-Provision Storage for Netware, Active Directory and Linux

[Diagram: FSF alongside NetWare, eDirectory, BorderManager, ZENworks for Desktops, NetMail, Identity Mgr drivers for PeopleSoft and AD, Active Directory, LINUX and the PeopleSoft Driver]

FSF Methodology

26

FSF Methodology

[Diagram labels: Digital Air tree with containers Work, New York and Atlanta; Policy; Target File Systems; SERV1/VOL1:Procedures; Copy; BSmith and BJones directories; RWCEMFA; 150MB]

Policy:

Algorithm: Random Balance

Rights: RWCEMFA

Quota: 150 MB

Template: SERV1/VOL1:Procedures

DelWait: 90 Days

Events:

• Create

• Rename

• Delete

New workflow component allows employee’s manager to review, reassign, or vault user data prior to deletion.

27

Policy Assignment & Data Migration

[Diagram labels: Jefferson tree with containers Employee, Students and Other; Sunshine Elem, Lincoln Middle and Riverside High, each with a Policy; BSmith 25MB; BSmith 50MB]

• Seamless

• Fault-tolerant

• Safe

Scheduler – 9:00PM

28

Northern Illinois University: Data Migration - Backfill

[Diagram labels: NIU tree with containers Faculty, Students and Other; Policy; user directories BSmith, RJones, KJackson, RCroom and DWyatt; NCS]

Admin issues Backfill with “Enforce Policy Paths” option, which will move data.

Pentium Pro 200’s – 67,672 Users

Pentium Pro 200’s – 0 Users

29

Data Migration Scheduling

30

Policy Assignments can be made via:

File System Factory Web Interface

LDAP

Nsure Identity Manager

NDK Application

CN=BSmith

Surname=Smith

StudentID=123456789

cccFSFactoryPolicy=Riverside.Schools.Jefferson

Collaborative Storage

32

Why is this Important?

Sharing data and working together is what networks are all about.

Yet in most environments, managing shared disk storage is the most manual process in the shop.

• This means it’s resource intensive.

• This means it is not managed in a timely manner.

• This means that many times collaborative storage just does not happen.

Why do we have this network again?

33

Policy Definitions

DeleteWait

Template

Rights

Quota

Paths

34

Policy Definitions

[Diagram: two policy definitions, each with Paths, Quota, Rights, Template and DeleteWait; labels: cccFSFactoryHomedir, Home Directory]

35

Business FSF Group Policy Example

[Diagram labels: ACME tree with containers Projects, Engineering and Sales; Policy; Target File Systems; SERV1/VOL1:ProjectFiles; Copy; ATL-BLDG-1; 150MB]

Policy:

Algorithm: Random Balance

Rights: Template

Quota: 500 MB

Template: SERV1/VOL1:ProjectFiles

DelWait: Never

Assign Policy to Projects Container

Automatically Create Project Storage and Assign Policies

Copy Project Files from Template

Create Project Group Object

36

Education Group Policy Example

[Diagram labels: Jefferson tree with containers Courses, Employee and Student; Policy; Target File Systems; SERV1/VOL1:Courses; Copy; SPAN340-001; 150MB]

Policy:

Algorithm: Random Balance

Rights: none

Quota: 500 MB

Template: SERV1/VOL1:Courses

DelWait: 90 Days

Assign Policy to Courses Container

Automatically Create Group Storage and Assign Policies

Copy Course Files for Each Student from Template

Create Course Group Object

37

Group Policy Templates: Configuration Steps

SPAN340-001.MS.COURSES.STATEU

• Create eDir Objects

• Assign Rights to Directories

• Create Template

• Create Group Object

• Assign Members & Owners to the Group

• Create FSF Group Policy Using the FSF Management Interface

38

Group Policy Templates

JSmith.Students.STATEU

MRoberts.Students.STATEU

NFrost.Students.STATEU

PJones.Students.STATEU

RBrooks.Students.STATEU

SSmith.Students.STATEU

STimms.Students.STATEU

TJones.Students.STATEU

TSmythe.Students.STATEU

WClark.Students.STATEU

ABelcher.Staff.STATEU

KAlesanto.Staff.STATEU

Members Owners

Assign Students as Members and Instructors as Owners

39

Group Policy Templates

File System Factory Automatically Provisions Storage for Students and Instructors

Universal Resource Access (URAccess)

41

Where’s my stuff?

Users need an easy way to find their storage …even if you need to move it.

Personal Storage and Group Storage.

Map a Drive? There’s only so many letters in the alphabet.

Login Script Management is a headache for group storage.

42

URAccess

End-User tool for dynamically building personalized access links to storage.

Leverages Home_Directory user attribute for personal storage.

Leverages cccFSFactoryHomedir group attribute for shared storage.

Creates a local set of UNC paths and description presented to the user in a Windows UI.

Like App-Launcher for ZENworks, except provides access to storage.

List can be refreshed at any time.

Supports multiple tree connections.

43

URAccess

[Diagram labels: BOB.USERS.ACME; NWCCGetAllConnRefInfo(); Home Directory: CLUST1/USERVOL6:USERS\BOB; SecEqual: EVERYONE.ENGR.ACME, BIG PROJECT.ENGR.ACME, MANAGERS.ENGR.ACME, SMALL PROJECT.ENGR.ACME; EVERYONE.ENGR.ACME; cccFSFactoryHomedir: SERV6/GVOL:ENGR\EVERYONE; cccResource*: http://www.IEEE.com]

*requires IUAdmin™

44

URAccess

Executive and Admin Dashboards

46

Executive Storage Dashboard: Storage Trends on User and Group Policies

47

Administrative Storage Dashboard

Storage Health Check

https://your.server.name.or.ip.address:8009/FSF/HTTP_FSFExecutiveDashboard.

Event Statistics

Web Based Quota Manager

49

Web Based Quota Manager Policy Configuration

50

Quota Manager – Help Desk Interface

https://your.server.name.or.ip.address:8009/FSF/HTTP_FSFQuotaMgr

51

Quota Manager – Help Desk Interface

Green = space available > 25% of quota

Yellow = space available < 25% of quota

Red = space available < 10% of quota

52

Quota Manager – Help Desk Interface

File System Rights Analysis

54

File System Rights Analysis

55

Rights Analysis

OWNERS

MEMBERS

Employee Data Manager Workflow

57

Novell eGuide Manager

58

Policy Configuration

59

Employee Data Manager Interface

60

Identity Based Storage Management

[Diagram: FSF alongside NetWare, eDirectory, BorderManager, ZENworks for Desktops, NetMail, Identity Mgr drivers for PeopleSoft and AD, Active Directory, LINUX and the PeopleSoft Driver]

FSF Technical Overview

62

What are the requirements?

Any Novell supported version of NDS® or eDirectory (6.xx, 7.xx, 8.xx, 85.xx, 8.6.x, 8.7.x)

NetWare 5.1 SP6 or later; NetWare 6.0 SP4 or later; NetWare 6.5 or later

NetWare 4.x SP9 or later; NetWare 5.0 SP6a or later; NetWare 5.1 SP6 or later; NetWare 6.0 SP4 or later; NetWare 6.5 or later

NetWare 6.0 SP4 or later; NetWare 6.5 or later

NDS/eDir

FSF_Event

FSF_Engine

63

Global Event Subsystem and Transaction Tracking

[Diagram labels: FSF_Engine; Event DB; servers A, B and C, each running FSF_Event]

64

The State Machine Architecture

DS is replicated.

Servers go down for maintenance or other reasons.

Routers die.

Fiber is dug up on occasion.

“Neither rain, nor snow, nor sleet, nor gloom of delayed DS synchronization shall stay this system from the swift (or eventual) completion of its appointed tasks…”

…That’s real life.

65

The State Machine Architecture

[Diagram labels: Event:AddUser; SALES.ACME replicas on Server R1, Server R2 and Server R3; +RWEMFA; FSF-EVENT; Server E; FSF-ENGINE; Server Z]

66

Actions and States: Add User

#define FSF_ACTION_NEW_USER 4000

#define FSF_ACTION_NEW_USER_STATUS_WAIT_TO_SEE 4010

#define FSF_ACTION_NEW_USER_STATUS_WAIT_FOR_POLICY 4013

#define FSF_ACTION_NEW_USER_STATUS_GET_POLICY 4016

#define FSF_ACTION_NEW_USER_STATUS_WAIT_FOR_PATHS 4018

#define FSF_ACTION_NEW_USER_STATUS_PICK_LOCATION 4020

#define FSF_ACTION_NEW_USER_STATUS_NO_PATHS 4021

#define FSF_ACTION_NEW_USER_STATUS_CREATE_DIRECTORY 4030

#define FSF_ACTION_NEW_USER_STATUS_SET_OWNER 4035

#define FSF_ACTION_NEW_USER_STATUS_APPLY_TRUSTEE 4040

#define FSF_ACTION_NEW_USER_STATUS_SET_QUOTA 4050

#define FSF_ACTION_NEW_USER_STATUS_COPY_TEMPLATE 4060

#define FSF_ACTION_NEW_USER_STATUS_SET_HOMEDIR_ATTRIBUTE 4070

#define FSF_ACTION_NEW_USER_STATUS_SET_MESSAGE_SERVER_ATTRIBUTE 4075

#define FSF_ACTION_NEW_USER_STATUS_USER_EXIT 4080

#define FSF_ACTION_NEW_USER_STATUS_NORMAL 4090

67

State and the Process Queue

[Diagram: FSF-EVENT on Server R1 and Server R2 feeds the process queue of FSF-ENGINE on Server E. Queue fields: Transaction #, Event Type, Status State, FDN, ObjectCreated, EventTriggered, TargetPath, ObjectDeleted]
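An added sketch (not Condrey Consulting's or Novell's code) of how a persisted status code in the process queue lets a new-user transaction stall on delayed DS synchronization and later resume without repeating finished steps. The status values come from the Add User slide; the transition order, the `replica` model and all function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>

/* Status codes are the slide's FSF_ACTION_NEW_USER_STATUS_* values. Using
   their numeric order as the transition order is an assumption here. */
enum { WAIT_FOR_POLICY = 4013, PICK_LOCATION = 4020,
       NO_PATHS = 4021, NORMAL = 4090 };
static const int ORDER[] = { 4010, 4013, 4016, 4018, 4020, 4030, 4035,
                             4040, 4050, 4060, 4070, 4075, 4080, 4090 };
#define N_ORDER (sizeof ORDER / sizeof ORDER[0])

/* Hypothetical view of what the engine's local replica has synced so far. */
struct replica { bool policy_visible; int n_paths; };

/* One process-queue row. It is persisted, so work resumes where it stopped. */
struct txn { int id; int state; int done[N_ORDER]; size_t n_done; };

static size_t index_of(int state) {
    for (size_t i = 0; i < N_ORDER; i++)
        if (ORDER[i] == state) return i;
    return N_ORDER;
}

/* Advance by at most one state; false means "blocked or finished". */
bool fsf_step(struct txn *t, const struct replica *r) {
    size_t i = index_of(t->state);
    if (t->state == NO_PATHS) {            /* parked until a target path exists */
        if (r->n_paths == 0) return false;
        t->state = PICK_LOCATION;
        return true;
    }
    if (i + 1 >= N_ORDER) return false;    /* NORMAL or unknown: nothing to do */
    if (t->state == WAIT_FOR_POLICY && !r->policy_visible) return false;
    if (t->state == PICK_LOCATION && r->n_paths == 0) {
        t->state = NO_PATHS;               /* policy has no usable target path */
        return true;
    }
    t->done[t->n_done++] = t->state;       /* each step completes exactly once */
    t->state = ORDER[i + 1];
    return true;
}

/* Process the row until it blocks or finishes; returns the state it rests in. */
int fsf_drain(struct txn *t, const struct replica *r) {
    while (fsf_step(t, r)) {}
    return t->state;
}

/* Position of a completed step in the row's history, or -1 if not done. */
int fsf_done_at(const struct txn *t, int state) {
    for (size_t i = 0; i < t->n_done; i++)
        if (t->done[i] == state) return (int)i;
    return -1;
}
```

In this ordering the trustee assignment (4040) and quota (4050) are recorded before the home directory attribute is set (4070), so the path is published on the user object only after rights and quota are in place.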

Internet User Administrator

IUAdmin™

Web Based Access and Management

69

IUAdmin™

• Web Based Access to Netware Personal Home Directory Storage Managed by File System Factory Policies

• Web Based Access to Collaborative Group Storage Based on File System Factory Policies

• Integrate with Novell Extend Portal, Netware 6.5 Virtual Office Portal and Novell iChain

• User Self Service

• Self-Service Password Reset

• Let Users Optionally fix their own problems

• Help Desk Administration

• Location and Departmental based Help Desk

• Help Desk Group Management

• User Help Indicators Identify Account Problems

Intruder Lockout, Grace Logins, Login Disabled, Account Expired

70

IUAdmin™ - Web Based Access & Management

[Screenshot callouts: User Self Service (each can be disabled); Personal And Group Storage Access; Help Desk (these options are not seen by the end user interface – only the admin interface.); Managed By File System Factory Events & Policies; Personal Storage; Group Storage]

71

IUAdmin Help Desk

72

IUAdmin™ Architecture

[Diagram: IUAdmin Core Architecture with User Self Service, Help Desk, File System Mgt, Resource Mgt and File System Access; AuditLogin, Trustfun, File System Factory and ePortfolio plug in]

Other products provide Management Paks that plug in to the architecture.

• Built on top of Novell’s HTTPSTK..no webserver to install or configure.

• SSL connections for security.

• Contextless Login.

• No schema extensions. However optional extensions are provided for increased functionality.

• Runs on Netware 5.1 or above with any version of eDirectory.

AuditLogin™

TrustFun™

Security - Audit Access & Rights Analysis

74

AuditLogin™

• Audits all objects in tree in a single operation

• No configuring multiple containers.

• Logs are automatically cleaned up based on user parameters

• Logs from all servers are consolidated into a single set of comprehensive files.

• Log files are simple text files that can be easily searched or imported into other programs for trends analysis.

• 5 minute installation.

• Self-Maintaining based on user options.

• Multiple log formats supported.

• Remote server configuration from Windows workstation.

• Graphing subsystem that supports multiple servers concurrently on a single graph.

Currently Installed in 33 Countries

75

AuditLogin Graph

76

AuditLogin - Log File Report

77

TrustFun - Rights & Trustee Analysis: Win32 Application

78

TrustFun Report

79

Trustee Assignment Detail

80

Tying it all together

[Diagram labels: ZENWorks™, GroupWise®, NetMail, Novell iChain, IUAdmin™, AuditLogin™, eDirectory™, File System Factory™; Identity Based Storage Management: Home Directory Management, Group Storage Management, Web Based Quota Management, File Rights & Trustee Analysis, Exec and Admin Storage Dashboards, Employee Data Manager (Workflow); AuditLogin Report & Graph; UIMPORT, LDAP, IDM, Console One; User; Employees; Web Based File Storage Access, Help Desk, Self Service Password Reset]

82

DEMO

• File System Factory Initial Installation

• Review of Management Interface

• Backfill Existing Users - Create a User Policy

• Move Users to new location – Move Files

• Rename User

• Delete User – Clean Up Files

• Group & Course Policies – Business & Education Example

• Rights and Trustee Analysis

• URAccess – Access to Group Storage – No Drive Mappings

• Quota Manager Interface

• Executive Dashboard Interface

• IUAdmin – Web Based Access and Management

83

For More Information

• Visit www.novell.com/products/filesystemfactory

• Visit www.filesystemfactory.com

• Discuss on the FSF forum at http://support.novell.com/forums/

• Send product questions/suggestions to FSFDev@novell.com

• Visit www.condreyconsulting.com

• Talk to your Local Account Team or Business Partner Rep

• 50% Off Promotion for VLA, CLA and MLA Customers
