Frank Grewe ([email protected]), Office of Information Technology, University of Minnesota
TRANSCRIPT
Physical Plant
• 4 different locations
  – 3 production
    • WBOB
    • NTC
    • AHC
  – 1 development/backup
    • Lind Hall
Black Box
• Locked 19” rack
  – 2 fiber pairs configured as 200MB EtherChannel
  – 2 power connections
  – 2 phone lines
Hardware
• Ether Switch
• Terminal Server
• (2) Modems
• SUN Netra T1
• (8) SUN Netra X1
• Dell 2450
• SUN 420R/A1000
• SUN E450
Services
• Administration/monitoring/security
• Certificate Authority
• X.500 DSA
• “Repository”
• Directory gateways
• Web services
• Email, etc…
• Active Directory!
Networks
• Private VLAN
• Local (umn.edu)
• Internet
Remote Admin
• Terminal Server connects to console ports (vcon)
• System/application monitoring (mon)
• Security monitoring
• Oncall paging
History
• Vision for universal internet access
  – E-Mail
  – Gopher
  – News
  – Modem Pool
  – Etc
• Directory seen as a lookup mechanism
White Pages
• finger
• whois
• ph
• gopher
• http
• ldap
Fueled Cooperation
• First visible joint project between what was then Academic and Administrative groups
• Directory required data feeds from:
  – Staff Demographic Database
  – Student Records Database
  – Class Registration Database
  – Student Fees Transactions
Directory Changed Processes
• Demand for electronic update
• Mailing lists for classes/departments/etc
• Authentication for modem pool access
• Departmental Systems (IT Labs)
• Buy-in occurs when value is perceived
U Card Services
• Directory is used for card issuing
• Card is associated with X.500 object
• Directory directly queried for authorization
Authorization Services
[Diagram: U Card and Directory Services mediate access for Student Registration and Employees to Library, “Food” Service, Special Privileges, Building Access, and Medical; otherwise Access Denied]
Authn/Authz
• radius
• https:
  – un/pw exchange
  – Web cookies
  – UCard
  – DLF
• Batch feeds
• ldaps?
Directory Role
• Authenticates
• Audit Trail
• Authorization varies:
  – None
  – Some
  – All
Data Sources
• Human Resources
• Payroll
• Student Records
• Accounts Receivable
• Coordinate Campuses
• Departments
Data Owners in Control
• Signoff needed to access attributes
• Reviewed yearly
• Benefits:
  – Knowledge of attribute usage
  – Changes transparent to applications