penn state university steve kellogg, director, advanced information technologies center for academic...
TRANSCRIPT
![Page 1: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/1.jpg)
Penn State University
Steve Kellogg, Director, Advanced Information TechnologiesSteve Kellogg, Director, Advanced Information Technologies
Center for Academic ComputingCenter for Academic Computing
Authorizing Access to Services at Authorizing Access to Services at Penn State UniversityPenn State University
![Page 2: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/2.jpg)
Penn State University
Authorizing Access
• HOW– “Baggage” v. “Luggage”
– Integrated everything• Authentication, authorization, namespace, management, filesystem
• Heterogenous
• What– File service
– Web service
– Applications
– Systems
– Delegation
![Page 3: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/3.jpg)
Penn State University
Penn State Environment
• 24 Campus Locations
• ~74,000 Full Time Students
• ~5,000 Part Time Students
• ~25,000 Employees
• ~5,000 “Others”
![Page 4: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/4.jpg)
Penn State University
CACTUS Center for Academic Computing Tracking of User Services
AccountsDatabase(Oracle)
Backend processes
External Data sources
User Services:
Access(DCE), Email, web, DFS, Database, backup,
Class News, Printing,Plotting, calendar,
LDAP,...
Java/webInterface
SignatureStations(end user$ Auth)
•One Account, Many Services•Organize data from disparate sources•Automation ALWAYS goal•Fully extensible•Scalability of services
![Page 5: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/5.jpg)
Penn State University
Systems Access
• Lab systems– Windows
– MAC
– Unix(AIX, IRIX, Solaris)
• Modems– Authorized based on group membership
• ISP apps– email, netnews, …
![Page 6: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/6.jpg)
Penn State University
DCE Production Applications
• Fileservice
• DFS
• 50MB Home Directories
•webmail, portal profiles, personal webspace
• 300 MB for HPC and VIZ users
• 10 MB quota increment per course
• Quota reduced at end of semester
• Site licenses for Solaris, AIX, NT, IRIX
![Page 7: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/7.jpg)
Penn State University
DCE Production Applications• Group management
– Admin, HPC, Classes, Ad Hoc
– Web Authorization
– Shared DFS access
– 3 groups typically created for each group
- Delegated group management
- Group, group_admin, group_owner
![Page 8: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/8.jpg)
Penn State University
DCE Production Applications• CAC Web Service
– AIX/Solaris/Linux
– Apache w/ & w/o mod_auth_dce
– Most content in DFS
– Load balanced w/ IBM’s Network Dispatcher
– JDBC and PerlDBI access to Oracle and DB2
.eg MicroSoft SW distribution
![Page 9: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/9.jpg)
Penn State University
DCE Production Applications
• Web Servers (Gradient’s NetCrusader Security Adapter)
– Executive Information System (EIS)
– Library access to licensed Web content (LIAS)
– Purchasing Catalog
– Computer & Information Systems (C&IS) Web site
– Microcomputer Order Center (MOC)
– Smeal College of Business
– Electronic Testing Services (ETS)
![Page 10: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/10.jpg)
Penn State University
DCE Production Applications• Other web service
– Office of Physical Plant• Linux, Apache, K5
– Office of Human resources• NT, IIS, Gradient DCE RT, VB
– Lab consultant management tools• AIX, K5, C
– Others that we don’t necessarily know about…
![Page 11: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/11.jpg)
Penn State University
DCE Mandarin
• OS/390 Enterprise Server; ADABAS
• NT Web Servers; WebComm.dll– Authenticated RPC client
• Several services; same RPC code base– Student Apps (eLion)
– Business Apps (WebIBIS)
– Financial Apps (FIT)
• RPC protection level– integrity
– privacy
![Page 12: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/12.jpg)
Penn State University
PKI at PSU
• CREN CA Pilot– OpenSSL
• Server Certs
• Short term certs– Kx509 auth in DCE cell
![Page 13: Penn State University Steve Kellogg, Director, Advanced Information Technologies Center for Academic Computing Center for Academic Computing Authorizing](https://reader036.vdocument.in/reader036/viewer/2022082610/56649d025503460f949d5e1a/html5/thumbnails/13.jpg)
Penn State University
Questions?