CLEMSON UNIVERSITY
The Computing Infrastructure
Division of Computing and Information Technology
July 30, 1997
Agenda
Background
Network Backbone Design & Connectivity
Network Resource Access
DCIT and Departmental Public Lab Access
User Support and Training
Summary
Background on Clemson IS
Large Systems Background
Strong Development Shop
Mainframe and Open Systems Expertise
Departmental LANs ruled 90’s until Novell Directory Services (NDS)
NDS populated in Summer 1995 (36,000 users)
Departmental LANs gone. More centralized management of the network.
NDS is centerpiece of security and authentication.
Mission
Provide computing infrastructure.
Empower Users and Departments.
Provide guidance in selecting solutions based on industry standards.
Deploy solutions to meet the needs of institutional computing.
Provide user support and training.
Network Backbone Design and Connectivity
Networking @ Clemson
Core Backbone
Distribution
Access
Dorm Access
Off Campus Access
Extension Offices
Internet Access
Core Backbone
FDDI 100Mbps ring
Connecting 8 Fiber Distribution Centers
FDDI connected routers
FDDI Core Backbone
[Diagram: FDDI ring; nodes labeled Holms, Lowry, Strode, Vickery, Poole, Sikes, Brackett, ITC]
Distribution
Distribute backbone connections to buildings.
Most buildings have two 10Mbps connections.
Implementing switched 100Mbps connections to buildings.
Labs within buildings are on a dedicated 10Mbps connection.
Distribution Example
[Diagram: Strode Core Router connected to Cooper, Edwards, Jordan and Mauldin; links labeled 10M Ethernet and 100M Ethernet]
Access
Category 5 cabling within buildings.
Switches are used to provide traffic segmentation.
Most buildings have 48 to 78 users per segment.
Access
In the last year we have been connecting 24 port shared hubs to switched 10M segments for general use.
High bandwidth areas will get switched 10 or 100Mbps connections.
Access Example 1
[Diagram: three stackable 24 Port Hubs on 10Mbps Ethernet; 72 Workstations on one segment]
Access Example 2
[Diagram labels: three 24 Port Shared Hubs, each on Ethernet 10M; Switch; Group Server on Fast Ethernet 100M; Fast Ethernet 100M OR Ethernet 10M]
Dorm Access
2500+ dorm rooms have a 10BaseT Ethernet connection per bed.
We use DHCP to assign IP addresses.
This Fall there will be a WEB page for Dorm residents to signup for service.
Automation of the port activation.
Off Campus Access
Partnered with MCI for dial up access.
Limited PPP connectivity free.
Any Internet Service Provider.
CampusMCI
MCI Provides ALL equipment and lines.
Adds additional equipment when needed.
Direct connection to the Clemson Network.
Internet traffic uses MCI’s Internet connection.
CampusMCI Cost to User
$14.95/month for 70 hours of connect time.
$0.95/hour for additional connect time.
The hours 1am - 6am are FREE.
800 service available at an additional $0.10/minute
Free Dial Up Access
52 lines for Dial Up network access.
Support Point to Point Protocol (PPP).
Session time limit 30 minutes.
Limited to the Clemson domain, no Internet access.
Any Internet Service Provider
Faculty, Staff and Students can use their choice of Internet Service Providers to access Clemson Network resources.
Extension Offices
All 46 County Extension Offices of South Carolina are connected to the Clemson Network via Bell South Frame Relay service.
Each office has at least 24 ethernet ports.
Internet Access
BBN Planet provides a 3Mbps connection to Clemson from their Austell, Ga T-3 point of presence.
Will be converting to Info Avenue in Fall 1997.
What’s Next?
Add the Calhoun Courts and Lightsey Bridge dorms to the network.
Additional buildings with 100Mbps connections to backbone.
Deploy additional switches with the buildings.
ATM network testing.
Network Resource Access
Goals
Promote collaborative computing
– Intra-workgroup
– Inter-workgroup
– Faculty/Student
Individual/Group presence on the network.
Central management of computing
Distributed management of data
Single authentication of distributed systems.
Keep heterogeneous systems “homogeneous”
Server Strategy & Management
Novell, NT, Unix, and OS/390 servers maintained by DCIT
DCIT provides hardware and Network Operating System (NOS).
DCIT administers backups.
DCIT performs user administration.
Group maintains data and security with help of a Tech Support Provider (TSP).
Virus Protection and Software Metering
Automatic Userid System (AUS)
[Diagram: AUS with Personnel, Admissions, MVS, Unix, NDS and Other systems]
Distribute Resource Management
[Diagram: directory tree rooted at CLEMSONU; labels: Users, CAFLS, CES, Library, Civil, Mechanical, Electrical]
Personal Storage (User Data Servers)
[Diagram labels: StudentD; EmployeD; Any Faculty or Staff Member (Office, Lab, or DialUp); Any Student (Dorm, Lab, or DialUp)]
Collaborative Storage - “Group Servers” (Faculty & Staff)
[Diagram labels: Group Server1; Group Server2; EmployeD]
Collaborative Storage - “App Servers” (Students)
[Diagram labels: StudentD; Applications Server(N)]
Collaborative Storage (Faculty and Students)
[Diagram labels: App Server; EmployeD; Group Server1; StudentD]
Printing Strategy
[Diagram labels: OS/390; Unix; ???; Print Gateway; PC, PC, PC, Mac; five print queues (Q)]
NDS Design for Printing
[Diagram: directory tree rooted at clemsonu; labels: Printers (Poole, Library, ITC, ...), Employee, Students, PrtDev, CAFLS, CES, Civil, Mechanical, A, B]
Electronic Mail
Server: Based on Sun Solaris.
No user accounts required on Solaris.
Server software developed at Clemson.
Multiple recipients / one copy of message.
Server based on POP/MIME Internet standard protocols. IMAP4 coming?
Eudora site license purchased by DCIT.
Listserver gaining wide spread acceptance and use.
Class/section list automated.
Mail Server
[Diagram: POPc clients on DOS, mainframe, Windows, Mac, UNIX, OS/2 and ? connect to popD and ListD on the Mail Server]
Mail Server: Statistics
Category                                    1995   1996   1997*
Daily Average POP Connections               14k    46k    85k
Daily Average Msgs Retrieved from Server    13k    36k    62k
Average Msgs Sent using Server per day      27k    48k    92k
*based on partial year statistics through May 26, 1997.
Automated Email Distribution List & NDS Group Membership
[Diagram labels: MVS OS/390 with ListMGR; Class Roles, Departments; Mail Server with popD and ListD; NDS with GroupMGR NLM; links labeled TCP/IP]
WEB Serving
Institutional Servers
Department or Group Servers
Organizational Page Servers
Personal Page Servers
Administrative and Student Application Page Servers
NDS web Security via NT/Unix/?
Authentication Server
Too many userid/password combinations for each user to remember.
Need central set of secure servers that all systems use for authentication.
Clemson University Personal ID (CUPID).
Based on Automatic Userid System (AUS).
Idea born in interdepartmental task force.
Production on July 1, 1996.
Authentication Server
[Diagram: MAIL, WEB, mainframe, Unix, Netware, Sun, NT and Oracle systems, each with authC, around NDS]
[Diagram labels: IntranetWare Server A, IntranetWare Server B, IntranetWare Server C with AUTHSERV.NLM; Mainframe (MVS) with VTAM, RACF, AuthClient, Onlines; MAIL (solaris) with AuthClient, POPd; NT Server (4.0) with AuthClient, Website, Application; Linux with AuthClient, Apache, Application; User Workstation (‘95/Mac/NT Workstation) with Eudora, TN3270, Netscape, Login.exe]
Authentication Server
NLM is multithreaded.
Clients use common code base.
Clients have built-in failover capability.
Communication based on TCP/IP sockets.
>90% successful password checks complete in less than 0.1 seconds.
>2 million requests serviced by primary server over a 6 week period. 50,000/day
NDS Authentication through NT/Unix/other To the WEB?
Application: Employee Info System (EIS)
Type: WEB
Server OS: Windows NT 4.0
Server Enabling App: Website/Visual Basic
Using NDS Security Across the Intranet
[Diagram labels: Authenticated Client (Netscape); Server AuthClient (NT 4.0, IIS 32bit DLL); Authentication Server (AUTHSERV NLM); NDS; Page request; CheckEquiv; Check Security Equivalence; Locate user object and run equivalence list.]
AUTHSERV Client Functions
Password Check
Password Change
Resolve to Fully Distinguished Name
Check Security Equivalence
Check 3rd Party Access Rights
Return Group Membership
Misc Administrative Functions
Caldera OpenLinux and Apache
[Diagram labels: Browsers; Caldera OpenLinux with AuthC; AuthServer; File Servers]
WEB gateway to Netware File System.
Web Interface to Home Directories via Authserv NDS Gateway
Application: Personal Pages
Type: WEB
Server OS: Linux
Server Enabling App: Apache/Caldera
http://www.clemson.edu/~acollin
Web Interface to Department Pages
Application: Departmental Pages
Type: WEB
Server OS: Linux
Server Enabling App: Apache/Caldera
http://dcitnds.clemson.edu/CSO/depts/maint
Using NDS to Secure Web Pages
NovellAuth on
AuthName Novell Tree
AuthType Basic
<Limit GET POST>
    require user gmcochr
    require user kellen
    require group .resadmin.groups.employee.clemsonu
</Limit>
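Added example, not part of the original slides: in Apache, require lines placed inside <Limit GET POST> apply only to the listed methods, so requests using any other method are not subject to them. The Python check below flags that pattern in the slide's block; the list of methods it tests against and the variant without <Limit> are assumptions.

```python
import re

# The access-control block from the slide, plus a constructed variant with no <Limit>.
SLIDE_CONFIG = """NovellAuth on
AuthName Novell Tree
AuthType Basic
<Limit GET POST>
require user gmcochr
require user kellen
require group .resadmin.groups.employee.clemsonu
</Limit>
"""
UNLIMITED_CONFIG = """NovellAuth on
AuthName Novell Tree
AuthType Basic
require user gmcochr
require user kellen
require group .resadmin.groups.employee.clemsonu
"""

# Methods to test coverage against (an assumed list, not taken from the slides).
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}

def audit_limit_sections(config_text):
    """Return (line number, directive, uncovered methods) for each 'require'
    that sits inside a <Limit> section and so applies to some methods only."""
    findings = []
    limited = None  # methods named by the enclosing <Limit>, or None outside one
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        opening = re.match(r"<Limit\s+([^>]+)>$", line, re.IGNORECASE)
        if opening:
            limited = {m.upper() for m in opening.group(1).split()}
            if "GET" in limited:
                limited.add("HEAD")  # Apache applies a GET restriction to HEAD too
        elif re.match(r"</Limit>$", line, re.IGNORECASE):
            limited = None
        elif limited is not None and line.lower().startswith("require"):
            uncovered = sorted(KNOWN_METHODS - limited)
            if uncovered:
                findings.append((lineno, line, uncovered))
    return findings
```

Dropping the <Limit> wrapper, as in UNLIMITED_CONFIG, makes the same require lines apply to every method.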
WebAuth: Web Single Signon
[Diagram labels: Workstation with Web Browser (steps 1 and 2); 3rd Party Web Server with WebAuth Client; DCIT Authentication Web Server with WebAuth Trusted Client and AuthClient; WebAuth NLM; AuthServ NLM; NDS; arrows labeled Redirect, CHECK and STORE]
Only trusted web servers prompt for userid password and set cookie in browser. Other web servers must use the cookie to determine the user.
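Added example, not from the original slides: a small Python model of the cookie flow described above, in which only the trusted server stores a session and every other server can only check one. The WebAuthService class, its store/check methods (named after the STORE and CHECK labels), the token format, the expiry time and the login URL are all assumptions.

```python
import secrets
import time

class WebAuthService:
    """Stand-in for the central cookie store (hypothetical API)."""

    def __init__(self, ttl_seconds=1800):
        self.ttl = ttl_seconds          # assumed session lifetime
        self._sessions = {}             # token -> (userid, expiry time)

    def store(self, userid, now=None):
        """STORE: called only by a trusted web server after it has verified
        the userid and password. Returns the cookie value for the browser."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # opaque and unguessable
        self._sessions[token] = (userid, now + self.ttl)
        return token

    def check(self, token, now=None):
        """CHECK: called by any web server to map a cookie to a userid.
        Unknown, missing and expired cookies all return None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token or "")
        if entry is None:
            return None
        userid, expiry = entry
        if now >= expiry:
            del self._sessions[token]
            return None
        return userid

def third_party_request(service, cookie, login_url="https://login.example/"):
    """A non-trusted server never handles the password: it either resolves
    the cookie to a user or redirects the browser to the trusted server."""
    user = service.check(cookie)
    return ("200", user) if user else ("302", login_url)
```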
Goals - Review
Promote collaborative computing
– Intra-workgroup
– Inter-workgroup
– Faculty/Student
Individual/Group presence on the network
Central management of computing
Distributed management of data
Single authentication of distributed systems
Keep heterogeneous systems “homogeneous”
DCIT & Departmental Lab Access
DCIT Public Access Labs
For Everyone (not just Students).
Consist of Mac and PC workstations.
Every user has virtual “personal PC”.
All labs are identical to the user.
Each lab has an “application server”.
General purpose apps supplied by DCIT.
DCIT installs and administers applications for departments.
Departmental Labs
Marry DCIT’s public lab framework with the specialized needs of a department lab.
Space and workstations provided by the department.
Maintained by the department and SIG.
Allow the user access to the “lab” from anywhere.
Supported Operating Systems in Public Labs
Windows 3.11
Windows 95
Macintosh (System 7.6)
Windows 3.11 Lab Workstation Key Features
“Isitcool” is used to provide application server failover support.
Workstation runs “The Conformist” to ensure consistency among machines.
Custom contextless login is used to avoid context “problem.”
Each user gets a “Virtual PC” which follows them from computer to computer.
Isitcool - Fail-over Applications Server Attachment
[Diagram: a Lab 1 workstation asks “Isitcool?” of Applications Servers (1), (2) and (n), each running ISITCOOL NLM; labels: Workstation Disk Image, Applications; answers shown: NO!, NO!, YES!]
The Conformist
[Diagram labels: Lab 1 Workstation; Applications Server(1) with ISITCOOL NLM, Workstation Disk Image and Applications]
Written by Clemson to provide a solution to the problem of corrupted workstations.
All application servers contain an image of a “perfect” workstation drive.
The conformist performs comparison of the local drive to this “perfect” image and makes the appropriate changes.
The conformist can also allow for slight variations between workstations.
Contextless login program
The user only has to enter their userid and password and we search for their userid in the three user containers and log the user in if found.
This means the user types “joeuser” and does not have to remember “.joeuser.j.students.clemsonu”
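Added example, not Clemson's login program: a Python model of the container search described above, showing the case the slide leaves open, a userid that exists in more than one container, handled by refusing the login. The container names, the first-letter sub-container (inferred from ".joeuser.j.students.clemsonu") and the sample accounts are assumptions.

```python
import hmac

# Constructed directory: fully distinguished name -> password. Plain-text
# passwords stand in for the directory's own password check.
DIRECTORY = {
    ".joeuser.j.students.clemsonu": "s3cret",
    ".asmith.a.employee.clemsonu": "hunter2",
    ".dupuser.d.students.clemsonu": "pw-one",
    ".dupuser.d.employee.clemsonu": "pw-two",
}
# Three user containers to search (names are assumed).
USER_CONTAINERS = ["students.clemsonu", "employee.clemsonu", "other.clemsonu"]

def resolve_fdn(userid):
    """Return every fully distinguished name the bare userid could refer to."""
    userid = userid.strip().lower()
    # Accept plain alphanumeric userids only, so the caller cannot add dots
    # and choose a context of their own.
    if not userid.isalnum():
        return []
    candidates = [f".{userid}.{userid[0]}.{c}" for c in USER_CONTAINERS]
    return [fdn for fdn in candidates if fdn in DIRECTORY]

def contextless_login(userid, password):
    """Return the FDN on success, None otherwise. Unknown user, ambiguous
    userid and wrong password all give the same answer."""
    matches = resolve_fdn(userid)
    if len(matches) != 1:       # fail closed: never guess between containers
        return None
    fdn = matches[0]
    if hmac.compare_digest(password.encode(), DIRECTORY[fdn].encode()):
        return fdn
    return None
```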
Virtual PC
All user settings are stored in their Novell home directory.
This means as you move from PC to PC your settings follow, giving you the feel of your own PC each time you use a lab machine regardless of location.
Windows 95 Lab Workstation Key Features
SFLogin is used as contextless login solution.
Isitcool is used for workstation failover.
Roaming profiles are supported to provide virtual PC. Profiles are implemented in a way to reduce network traffic
PCRDist is run to ensure machine consistency.
Macintosh Lab Workstation Key Features
“Assimilator” is used to ensure consistency among machines.
Custom contextless login program is used to eliminate the context “problem”.
Eudora Launcher and Netscape Launcher are used to bring some of the features of the Virtual PC to the Macintosh.
The Assimilator
[Diagram labels: Lab 1 Macintosh Workstation; AppleShare File Server with Workstation Disk Image and Applications]
AppleShare File Servers contain an image of a “perfect” workstation drive.
Assimilator is not currently NDS aware, so images are currently stored on Macintosh AppleShare file servers.
The Assimilator performs comparison of the local drive to this “perfect” image and makes the appropriate changes.
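Added example, not Clemson's code: the compare-and-repair step that the Conformist and Assimilator slides describe, written in Python. Comparing files by SHA-256, the allowed pattern list for permitted per-workstation variations, and every path and file name are assumptions.

```python
import fnmatch, hashlib, os, shutil, tempfile

def manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def plan(image_root, local_root, allowed=()):
    """Return (to_copy, to_delete) that would make local match the image.
    Paths matching a pattern in `allowed` may vary per workstation."""
    ref, loc = manifest(image_root), manifest(local_root)
    skip = lambda p: any(fnmatch.fnmatch(p, pat) for pat in allowed)
    to_copy = sorted(p for p in ref if not skip(p) and loc.get(p) != ref[p])
    to_delete = sorted(p for p in loc if not skip(p) and p not in ref)
    return to_copy, to_delete

def conform(image_root, local_root, allowed=()):
    """Apply the plan: remove stray files, then restore missing or altered ones."""
    to_copy, to_delete = plan(image_root, local_root, allowed)
    for rel in to_delete:
        os.remove(os.path.join(local_root, rel))
    for rel in to_copy:
        dest = os.path.join(local_root, rel)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        shutil.copy2(os.path.join(image_root, rel), dest)
    return to_copy, to_delete

def demo():
    """Constructed workstation: one altered file, one stray file, one missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        image, local = os.path.join(tmp, "image"), os.path.join(tmp, "local")
        trees = {image: {"autoexec.bat": "REF", "apps/win.ini": "good"},
                 local: {"autoexec.bat": "altered", "games/doom.exe": "x",
                         "net/node.cfg": "per-machine"}}
        for root, tree in trees.items():
            for rel, text in tree.items():
                os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
                with open(os.path.join(root, rel), "w") as fh:
                    fh.write(text)
        applied = conform(image, local, allowed=["net/*"])
        remaining = plan(image, local, allowed=["net/*"])
        kept = os.path.exists(os.path.join(local, "net/node.cfg"))
        return applied, remaining, kept
```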
Macintosh Contextless Login
The Macintosh login provides not only a contextless login solution, but finds and maps the user's home directory as well.
User Support & Training
Support Structure
[Diagram labels: Questions/Problems; Answers/Resources; Faculty, Staff, Students; Help Desk; TSPs; College Consultant; Client Support; Systems Integration; LAN Systems; Network Services; Computer Resources; Enterprise Systems; University Systems Support; Level 1, Level 2, Level 3]
Training
Employee Training
Student Training
Employee Training
University Support Systems Customized Training Desktop Applications Office Applications Specialist Certification
Program Technology Support Program
Student Training
In-class training
Computer Literacy Program
Short courses
Advanced Technology Center (ATC)
Focus on University multimedia activities
Provides funding for faculty multimedia projects
Maintains multimedia labs for training faculty and testing software
Offers multimedia training classes
Summary
Summary
Clearly defined infrastructure support model
National leader in supporting collaborative computing
Efficient cooperative user support model
Weak points in support structure accurately identified