NMI-EDIT CAMP Synopsis, ISCSI Storage Solution, Linux Blade Cluster, And Current State Of NetID
By Jonathan Higgins
The Identity Management System
NMI-EDIT CAMP Synopsis
• Directory Workshop covering directory implementation steps, architectures, person registries, and operational issues.
• Basics for implementing an Identity Management System.
What is Identity Management?
• Identity Management is an abstraction for a system that manages identification, authentication, and authorization.
• Identification is the act of pre-assigning a unique namespace (a username) to an individual.
• Authentication binds a person to an identity.
• Authorization is the act of ensuring that a person is afforded access only to services and data required to support allowed tasks.
The Big Picture
Growing Pains and Silos vs. Suites
• Why are we doing this?
• Impending growth of student, faculty, and staff population
• Scalability
• Silos: authentication, authorization, and application are all self-contained and individually administered.
• Integrated Suites: a set of applications that authenticate and authorize through a central service shared by multiple applications.
What Are We Doing?
• NetID project ongoing since 9/2002
• OpenLDAP and Kerberos completed 5/2003
• Active Directory integration synchronized with OpenLDAP and trusted by Kerberos 2/2004
• Negotiation of data to provide individual affiliations for dynamic groups in progress.
• Blade Technology and new resources.
• ISCSI storage solution for remote data storage in progress.
The State of NetID
• 3rd semester in production, and working as intended.
• New attributes are on the way.
• Dynamic groups based on affiliations
• Password Expiration notification system
Groups
• Students, Future Students, Undergraduate, Graduate, Staff, Faculty, Employees, Visitors, Temp Employees, Student Assistants, Alumni, and Retired
• Groups that will exist before this Fall include: Department based groups, Degree of Study groups, College based groups, and Courses.
• What other groups do you think we may need?
Linux Blade Cluster
• This project is ongoing and dependent on the ISCSI storage solution.
• The MTA project will provide a single mail exchange for the @Kennesaw.edu domain. The MTA will include Spam control and Virus scanning.
• Publicly visible LDAP replica (FERPA controls will be in place for students)
ISCSI Storage Array?
• A procedure will be available to acquire disk space.
• As a system administrator, you just need to know that ISCSI provides a block-level network device, not a file I/O share.
How does the ISCSI Storage System work?
• Client Systems
• OS Layer
• Physical Layer
What Still Needs To Be Done?
• Upgrade NetID and Administration Tools to include:
• Modify schema and add attributes as needed
• Modify RDN for user objects to free the uid attribute to allow multi-values or aliases
• Add RADIUS for wireless authentication
• Add Account Locking/Deletion
• Pursue campus buy-in to NetID through identifying services and providing documentation for integration.
• And more…
What can we expect in the future?
• Solution for guest computing may be Sponsorship? An idea introduced at the CAMP.
• Individual account holders would be responsible for the sponsorship and creation of an account.
• The new account would have no more access than the sponsor.
• Access control would be monitored by the sponsor.
• Possible solution to guest computing issues, parental access to their students' resources, and others.
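The sponsorship idea above, sketched as an added example (not code from the presentation or from NetID): a guest's effective access is the intersection of what it was granted and what its sponsor can reach at check time. The `Account` model, function names, NetIDs, service names, and the rule that a guest cannot sponsor further accounts are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Account:
    netid: str
    entitlements: set = field(default_factory=set)  # services granted to this account
    active: bool = True
    sponsor: Optional["Account"] = None             # set only on sponsored guests

def effective_access(account):
    """Services the account can reach right now."""
    if not account.active:
        return set()
    if account.sponsor is None:
        return set(account.entitlements)
    # Guest access is capped by the sponsor's current access at check time, so
    # revoking or disabling the sponsor also cuts off the guest.
    return account.entitlements & effective_access(account.sponsor)

def create_guest(sponsor, netid, requested):
    """Create a guest whose grants are a subset of the sponsor's access."""
    if sponsor.sponsor is not None:  # assumed rule: no sponsorship chains
        raise PermissionError("a sponsored guest cannot sponsor other accounts")
    excess = set(requested) - effective_access(sponsor)
    if excess:
        raise PermissionError(f"sponsor lacks: {sorted(excess)}")
    return Account(netid, set(requested), sponsor=sponsor)

def sponsor_report(sponsor, accounts):
    """What the sponsor reviews: each of their guests and its current access."""
    return {a.netid: sorted(effective_access(a))
            for a in accounts if a.sponsor is sponsor}

if __name__ == "__main__":
    # Constructed sample data; NetIDs and service names are hypothetical.
    staff = Account("jdoe1", {"wireless", "library", "email"})
    guest = create_guest(staff, "guest-jdoe1-01", {"wireless", "library"})
    print(sponsor_report(staff, [staff, guest]))
    staff.entitlements.discard("library")   # sponsor loses a service
    print(sponsor_report(staff, [staff, guest]))
    staff.active = False                    # sponsor account disabled
    print(sponsor_report(staff, [staff, guest]))
```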
What else can we expect?
• Inter-Institutional Applications
• Shibboleth, a Web-based inter-organizational authorization system, leverages attribute repositories such as directories and the larger identity management infrastructure to service inter-institutional applications and resource sharing.
• Authentication for students from another trusted university to applications and services hosted here at Kennesaw and vice-versa.
Any Questions?
• Feel free to ask anything, except topics that do not concern KSU.