SDSC NT Infrastructure

1
SDSC NT Infrastructure

• Cindy Zheng
• Information Technology
• San Diego Supercomputer Center
• www.sdsc.edu/zhengc
• zhengc_at_sdsc.edu

2
SDSC Desktop History

• VAX and terminals
• Replaced by UNIX desktops and servers
• Add Mac desktops and servers
• Add NT desktops and servers
• Add Linux desktops and servers

3
Desktop Growth

• From 1997 to 2002 (staff 100 -gt 400)
• UNIX 125 -gt 200
• MAC 125 -gt 60
• NT 0 -gt 300
• Linux, 2000 to 2002 0 -gt 70
• Fastest growing platform on desktop
• Applications
• Costs
• Manageability in business environment

4
Roles of NT Systems in SDSC
Business vs. home Security requirement Centrally
managed

• Staff desktops
• Scientific computing
• Software development
• Network applications
• Documentation and graphics
• Internal servers
• File, printing, security, management etc.

5
Roles of NT Systems (continue)

• Project servers
• Pacific Rim Digital Library
• http//libraries.ucsd.edu/prl
• http//www.prdla.org
• Art Museum Image Consortium
• http//www.amico.org
• Entropia PC Grid Computing

6
Multi-platforms

• Still UNIX-centered
• Core services
• Policies and methodologies
• Division of responsibility
• Inter-operated

7
Design Considerations

• Users Needs
• Resource constraints
• Manageable
• Secure

8
Design Considerations (continue)

• Coherent with over-all infrastructure
• Network zones
• Production
• Managed services
• Conference
• Outback
• Inter-operable

9
Main features

• Centralized services
• Standard NT desktop systems
• Inter-operability
• Security policies

10
Centralized services

• Authentication
• File
• Backup
• Print
• Remote access

• Anti-virus
• System management
• Support request
• Calendar
• License

11
Authentication Service

• User administration
• Unified user name space
• New_user script
• Mailing list
• Domain structure
• Multi-master domains
• Trust relationship

12
(No Transcript)
13
File Service

• Major user file systems
• Home directories
• Collaborations
• Scratch
• Save important files on server
• Backup
• Easy access from elsewhere

14
File Service (continue)

• Server disks
• RAID SCSI
• RAID IDE
• http//staff.sdsc.edu/its/gridbrick/
• http//users.sdsc.edu/tgpt/promise.html
• Fibre-channel storage

15
File Service (continue)

• Cross-platform service
• Service For Mac (on NT, serve Mac)
• Appletalk
• Not win2k
• Netatalk (on UNIX, serve MAC)
• Appletalk (not used)
• TCP/IP (faster, securer)
• http//netatalk.sourceforge.net
• Samba (on UNIX, serve NT)
• SMB, name mapping

16
Backup Service

• For system recovery and user file recovery
• 97-99, Retrospect on MAC server
• 2000, Backupexec on NT server
• Backup important server systems
• Only backup data on servers
• Backup only user file systems with quotas
• User backup, HPSS

17
Backup Service (continue)

• OverlandData tape library
• 1TB, 8K, daisy-chain up to 4
• AIT2, 50GB/80, chip on tape
• Veritas Backupexec
• Server license 500
• Target server license 150
• Client licenses free

18
Backup Service (continue)

• Performance
• Production, network, software compression
• Backup 100GB/13 hours
• Restore 100GB/36 hours
• Collaboration, attached, no compression
• Backup 100GB/4.8 hours
• Backup scheduling
• Production vs. Collaboration

19
Print Service

• 400 staff, 4 buildings
• 20 TCP/IP network printers
• Xerox, HP, Lexmart, Brother, Apple
• 1 print server
• Shared among all platforms

20
Remote Access Service

• Our needs
• From anywhere on the Internet
• NT, or a Mac or an UNIX system
• Access SDSC production environment

21
Remote Access Service (continue)

• MS Terminal Server http//www.microsoft.com/china/
  windows2000/guide/server/features/terminalsvcs.htm
  
• Citrix MetaFrame Server http//www.citrix.com
• How does it work?

22
Remote Access Service (continue)

• SDSCs implementation
• Hardware
• NT4 vs. Win2k
• Performance
• How to use it? http//staff.sdsc.edu/Platforms/Win
  nt/FAQ/jedi2k.html
• Problems

23
Remote Access Service (continue)

• Licensing
• MS Terminal Server (per seat) 100
• CAL 36/device
• MetaFrame Server XP license
• Migration 2000(SA)/15 concur. connections
• ICA clients free

24
Home PCs and Portables Service

• Use reference system for initial setup
• Local administrator
• Designated subnet
• Wireless Airport, DHCP
• Advisory and download page

25
Anti-virus Service

• Anti-virus software usage history
• Norton anti-virus servers and clients
• System Center
• Automated/scheduled update
• License
• TrendMicro ServerProtect

26
System Management Server (SMS)

• Functions
• Hardware/software inventory
• Software distribution
• Remote administration
• Software metering
• Web page reports

27
SMS (continue)

• Requirements
• Hardware
• Software
• Licenses
• Major components
• Server
• Client
• Administrators console

28
SMS (continue)

• How we use it
• Queries
• Software distribution
• Package tool
• Testing
• Distribution
• Remote administration

29
Support Request Service

• SDSC over-all infrastructure
• Whom to ask
• Keep track Request, assignment, charge, status
• Remedy Action Request System
• Remedy server, database
• Remedy client
• Web interface
• License

30
License Service

• Key server
• All licensed applications
• Server and shadow
• Key configuration
• Client
• MS license server
• Terminal server license

31
Scheduling Service

• Schedules for people and rooms
• Meeting Maker server
• Meeting Maker client
• Notify

32
Standard Windows Desktop

• SDSC reference system
• Uniform, tested
• Settings for users convenience
• Security
• User can install additional applications
• Apply for local administrator
• IT inventory, audit, inform
• User responsibility

33
Design Consideration

• Satisfy most users needs
• Easy to create
• Easy to update
• Self-documenting

34
Reference System Setup

• Network share
• Less hardware dependent
• Self-documenting
• Takes 2 hours to ref a workstation
• Ghost images
• Takes 20 minutes to ref a workstation
• Hardware configuration dependent

35
Network Share

• Boot floppy
• Partition, BIOS update, network ref, Ghost ref
• OS installation share
• Answer file, Unique database
• IE, Perl, OS patches
• Reference system setup scripts
• Security, applications, customization

36
Ghost Images

• Only for bulk identical hardware
• Use Network share to create initial images
• Ghost server
• Boot floppy run Ghost client
• Ghost walker
• Procedure

37
Reference System Update

• New/upgrade/patch via SMS
• Update reference network share
• Periodical update Ghost images

38
Interoperability

• UNIX, Windows, Macs
• File sharing
• SAMBA
• Netatalk
• Logon
• Citrix MetaFrame
• Secure CRT

39
Security Policies

• Network policy
• Services policy
• Authentication policy
• Audited and enforced
• User education

40
Network Policies

• Separate security zones
• Production, Collaboration, Conference, Outback
• Routing
• PDC
• Filtering
• Ports, protocols

41
Services Policies

• Production Services
• IT managed or posted as allowed
• Collaboration services
• IT setup/maintain system software
• Collaborators setup/maintain applications
• Outback
• Owner responsibility

42
Authentication Policy

• Different account/password
• No group account, even administrators
• Granting local administrative privilege
• Locking

43
User Education

• Post policies and updates
• Sign responsibility forms
• Keep the message simple
• Repeat, repeat, repeat, and again
• Do NOT open an attachment unless you are sure

44
Audit and Enforcement

• Prevention first
• Audit passwords, patches, services, connections
• Immediate investigation and resolution
• Intrusion detection
• Logging and alerting
• Analysis tools
• No successful break-in since 1995

45
Working in Progress

• Active Directory upgrade
• Backup to online hard disks
• Exchange server
• Recharge
• Other hardware and software alternatives

46
Active Directory Migration Plan

• Whats AD to us?
• Production vs. collaboration
• DNS
• DHCP

47
Active Directory Migration

• Preparation and testing
• Production
• All Windows 2000 except DCs
• Testbed
• Functional duplicate production environment
• Hard disk backup for repeated tests

48
Backup to Online Hard Disks

• All platforms
• Speedier restore
• Users can restore themselves
• Last few incrementals

49
Exchange Server

• Explore alternative solutions for
• Scheduling
• Requests servicing
• Document sharing
• Email

50
Recharge

• How the budget worked before
• Why change
• Schemes and agreements
• Implementations
• Policies and handlings
• Update support infrastructure
• Trial runs

51
hardware and software alternatives

• Costs
• Desktop hardware
• Desktop software

52
Thank you!