DCE Deployment at PSU by wuzhengqin


									DCE Deployment at PSU

        Steven Kellogg
Director, Advanced Information
Center for Academic Computing
                          WHY DCE?
• We wanted DFS
  - DFS is better than AFS
  - File level ACLs
  - Byte-level locking, ( AFS is file level)

• We wanted kerb5
• We wanted an integrated directory
• We wanted a secure RPC
                       WHY DCE?
•   Wanted an integrated management model
•   Integration of very heterogeneous systems
•   An extrapolation of skill base
•   We wanted an integrated authorization
• - DCE groups
•   - classes, orgs, admin functions...
                 DCE Cell Status
•   ~75000 Principals
•   ~300 GB in DFS
•   AIX DCE 2.2 security and CDS servers
•   AIX, NT and OS/390 DFS fileservers
•   Clients
    - AIX, IRIX, NT, Solaris, OS/390
• Accounts Management Architecture
  - All new accounts added to DCE registry
  - Central user database
    - all people info
    - view of DB imported to LDAP
    - Automatic OHR, Registrar,.. Updates
    - Web based management tools: Gradient,
           Projects (cont’d)
• Account management architecture (cont’d)
  - Group management for group ACL’s
    - Every course and section
    - Faculty (location, college, dept)
    - Students (location, college, dept…)
    - Staff (location, college, dept..)
     - eg. CIS, EIS, Dept Web
             Projects (cont’d)
• UNIX user accounts (integrated login)
  - DFS home directories
• Financial Information Tool (FIT)
   - DCE RPC based C/S tool
  - Inter-adapter junctioning
  - Many-to-one mapping
           Projects (cont’d)
• OS/390 DCE/DFS
  - Secure, easy data sharing
  - Secure RPC’s
• Digital Library
  - Built on DCE
           Projects (cont’d)
• WEB Service
  - CAC: UNIX/Apache(DCEmod)/DFS
    - Personal, Dept, Groups, Courses (25K)
  - CAC, OHR: NT/NES/VB cgi/Gradient rte
  - OPP: Linux/Apache/Krb5libs
  - Library, EIS, C&IS, Purchasing:NT/
  Gradient Sec.Adapter/NES or IE

To top