1 / 21

PASS Migration – Update V

A Retrospective Current Issues Future Directions with Jeff D’Angelo NWOP 2008/08/18. PASS Migration – Update V. PASS Migration – A Retrospective. Need arose: Replace DCE/DFS with Kerberos/LDAP/GPFS Replacement authentication & directory services ran in parallel for years

marshj
Download Presentation

PASS Migration – Update V

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. A Retrospective Current Issues Future Directions with Jeff D’Angelo NWOP 2008/08/18 PASS Migration – Update V

  2. PASS Migration – A Retrospective Need arose: Replace DCE/DFS with Kerberos/LDAP/GPFS Replacement authentication & directory services ran in parallel for years PASS Beta launched December 2007 Early migration to new PASS June 2008 Final migration July 3-4 2008

  3. PASS Migration – A Retrospective What went well: Completed data migration on time Most critical functionality preserved Internal and external communication processes improved Not so well: 3rd party software incompatibilities

  4. PASS Migration – A Retrospective Major Changes: CIFS/NFS require kerberos Quota behavior Permissions (ACLs) NFSv4 based UNIX system changes php.scripts.psu.edu major changes SSH host key changes (sftp / UNIX) Path changes (e.g. /pass) MIT KDCs: Longer Kerberos ticket lifetimes LDAP schema / attribute usage for PASS • http://www.personal.psu.edu/jcd/blogs/NextPass/ • 2008/07/pass-migration-complete.html

  5. PASS Migration – Current Issues Documentation still in development, e.g.: Mounting NFS Gateway from Mac Known issues KB articles

  6. PASS Migration – Current Issues PASS Gateway server issues 32 group limit for CIFS

  7. PASS Migration – Current Issues PASS Gateway client issues Windows AD domain w/ dce.psu.edu trust Works automatically Windows (w/o AD) requires for Kerberos: Must specify user User must include domain

  8. PASS Migration – Current Issues PASS Gateway client issues Mac OS X Ticket problem while authenticated to AD Leopard’s Finder misinterprets CIFS ACLs Kerberos requirement precludes Tiger NFS NFSv3 requires multiple mounts

  9. PASS Migration – Current Issues PASS Gateway client issues Linux mount.cifs has no kerberos support yet NFSv4 performance less than peers Ticket renewal (beyond 14 days) “nfs” service principal required for NFS client

  10. PASS Migration – Current Issues PASS Gateway client issues Solaris NFSv4 ls / stat() issue AIX NFS Executable error “Cannot open or remove a file containing a running program”

  11. PASS Migration – Current Issues Secure Shell / Secure File Transfer Host key changes sftp.pass.psu.edu, sftp.personal.psul.edu rs6klab.aset.psu.edu Fugu may hang kb.its.psu.edu/psu-all/hd/fuguhangs

  12. PASS Migration – Current Issues Web services www.courses.psu.edu now uses SSL for all content, WebAccess for protected content PHP content no longer automatic Apache 2: Server Side Includes (SSI) Old MIME type activation no longer supported despite docs PHP users may need to update/remove default .htaccess

  13. PASS Migration – FIXED Issues FIXED Issues: PASS Explorer Browse-To list auto groups CIFS READ-ONLY attribute falsely set PHP SQLite2 driver missing Cbs UNIX cluster back after hiatus

  14. PASS Migration – New Directions Where are we now? Beta / Early migration systems down: today Fixing / Documenting known issues Web permissions tools further development Add new features to File Permissions Manager Create Web Services based command line tool Mac mount PASS tool update for NFS

  15. PASS Migration – New Directions Where are we going? GPFS data redundancy New quota limit – mid semester DCE/DFS shut down December 2008 Enhanced quota system – expected summer 2009 Permissions tools integration (web/file) Kerberized sftp/ssh login Self-serve kerberos keytabs UMG updates

  16. PASS Migration Timeline

  17. PASS Migration Resources:Kerberos Authentication • For Kerberos auth to the Penn State Kerberos realm (dce.psu.edu) for either Mac, Windows or Linux clients. • Mac OS X: CLC has documented setting up Kerberos auth on OSXhttp://clc.its.psu.edu/Labs/Mac/Resources/authdoc/default.aspx http://clc.its.psu.edu/Labs/Mac/help/privatefilespace/macpass.aspx • LINUX: For discussion of Kerberos auth and SSO see:https://wikispaces.psu.edu/display/access/Kerberos • WINDOWS: For discussion of Kerberos auth and SSO see:https://wikispaces.psu.edu/display/access/Kerberos+on+Windows • Note: The registry key that must be installed on the windows clients is called "psuksetup.reg" and is available here: http://aset.its.psu.edu/docs/windows/active_directory/kdcrecords.html

  18. PASS Migration Resources:Online Learning Materials • Publishing: The Infrastructure at Penn Statehttp://portfolio.psu.edu/files/eportfolio/PASS_blogs_viewlet_swf.html • The Files in Your PASS Space: A Guided Tourhttp://portfolio.psu.edu/files/eportfolio/PASS_tour_viewlet_swf.html • Publishing in your Penn State Web Spacehttp://portfolio.psu.edu/files/eportfolio/Publishing_in_PASS.pdf

  19. PASS Migration Resources:Online Documentation • The MIT Kerberos tools for various OShttp://web.mit.edu/Kerberos/dist/index.html • New Public Online Documentation for PASS http://its.psu.edu/PASS/ • Wikispaces – for Penn State affiliated Faculty and Staffhttp://wikispaces.psu.edu/display/PASS • Next PASS Blog by Jeff D’Angelo http://www.personal.psu.edu/jcd/blogs/NextPass/

  20. Active Directory Update ACCESS.PSU.EDU forest Exchange 2007 support introduced

  21. Search Engine Update Upgrade expected Fall 2008 New hardware Out: 1 x GB-5005 In: 2 x GB-1001 New software GSA 4.x -> 5.x

More Related