
TJU/H Mission


leland

Presentation Transcript


  1. TJU/H Mission • Patient care • Education • Research

  2. TJU/H Demographics • 9,000 faculty/staff • 3,500 students

  3. TJU/H IT Infrastructure • ATM network • 5,000 PC’s, Macs • IBM mainframe • Tandem mainframe • Unix/Linux servers • NT servers • NetWare servers

  4. Application Infrastructure • Mail*Hub mail switch/X.500 directory • Authentication • Role data • HP OpenMail (4,500 faculty/staff) • CS&T OpenTime (2,100 clients) • PeopleSoft • IDX/Last Word

  5. The Problem • Migration from NetWare to NT • NT admin tool issues • NT security model issues • Support staff training issues • Competing business models • Generalized fear and loathing

  6. NT Admin Tool Issues • GUI Interface not ideal for batch updates • Command line control limited • Batch file scripting limited • Scripting host proprietary • Platform-limited remote control capabilities

  7. NT Security Model Issues • Not very granular (as exposed by the GUI tools) • Not hierarchical (like NetWare 4.XX) • No obvious link to our X.500 directory • Didn’t fit our IT support roles

  8. Support Staff Training Issues • GUI tools unfocused • Command line approach not user friendly

  9. Competing Business Models • Microsoft’s take on security different than ours • Monolithic technology vs. diverse technologies • Proprietary vs. open solutions • Commercial vs. non-profit environments

  10. Fear and Loathing • Microsoft replaces our favorite technologies • Microsoft replaces us • ‘The Dark Side’ Syndrome

  11. General Problem • Vendor’s Reality

  12. General Problem • Vendor’s Reality • Our Reality

  13. General Solution • Vendor’s Reality • Filter • Our Reality

  14. General Solution • Vendor’s Reality • Filter • Our Reality

  15. General Solution • Vendor’s Reality • Filter • Our Reality • Perl

  16. The Solution - Perl • Powerful • Cross platform • Easy entrée to NT internals • Roll our own admin tools • Make them networkable • Tie in our legacy systems

  17. Phase 1 - Local Administration • Standardize on Perl • Start by ‘back-ticking’ various command line functions • Replace with Perl/NT admin API packages as they become available

  18. Useful NT Admin Packages • Win32::NetAdmin.pm • Win32API::Net.pm • Win32::AdminMisc.pm • Win32::DomainAdmin.pm • Win32::FileSecurity.pm

  19. Phase 2 - Remote Administration • IO::Socket-based client • inetd from Pragma Systems • Useful companion for pre-fork NT Perl • Also provides telnet daemon • Perl-based request server called by inetd • Server interfaces with modular “methods” package • System can work with command line or web delivery mechanisms

  20. Web Admin Overview X.500 Directory Authentication User Interface CGI Processing Authentication Client Process Server Process Perl NT Methods NT Environment

  21. Platform Overview HP/UX X.500 Directory NT Authentication User Interface CGI Processing Authentication Client Process Server Process Linux/Apache Perl NT Methods NT Environment

  22. NT Admin Walkthru • Authentication

  23. NT Admin Walkthru • X.500 Name/Password

  24. NT Admin Walkthru • Main Menu

  25. NT Admin Walkthru • Create Client Object

          use K_Client;

          # Connect to the request server on the PDC as the authenticated sender.
          my $client = K_Client->new(
              host     => 'pdc.jeff.com',
              port     => 2000,
              sender   => $param{'sender'},
              pwd      => $param{'pwd'},
              key_file => '/usr/local/keys/nt.txt',
          );

  26. NT Admin Walkthru • Send Request

          # Queue one request, then send it and read the reply.
          $client->build_request(
              method => 'get_user_list',
              server => '',
          );
          my $ok    = $client->send_receive();
          # Index 0 refers to the first (here, the only) queued request.
          my $err   = $client->get_errorcode(0);
          my @users = $client->get_result(0);
          my $msg   = $client->get_msg(0);
          return ($ok, $err, $msg, \@users);

  27. NT Admin Walkthru • Server Object

          use K_Server;
          use K_Methods::NT_Admin;
          use X500_Auth;

          # Hosts allowed to submit requests (keys quoted: they contain dots).
          my $hosts = {
              'www.jeff.edu' => 1,
              'pdc.jeff.edu' => 1,
          };
          my $methods = K_Methods::NT_Admin->new();
          my $server  = K_Server->new(
              methods_obj => $methods,
              auth_sub    => \&X500_Auth::auth_client,
              work_dir    => 'd:/ntadmsrv',
              server_name => 'K_Server',
              log_file    => 'd:/logs/k_admin.log',
              key_file    => 'd:/keys/nt.txt',
              event_log   => 1,
              ok_hosts    => $hosts,
          );
          $server->handle_request();

  28. NT Admin Walkthru • Methods data structure

          $self->{'methods'} = {
              get_user_list => {
                  method    => sub { $self->get_user_list(@_) },
                  params    => [ 'server' ],
                  role      => $ops,    # role required to call this method
                  event_id  => 15,
                  false_msg => sub { my %p = @_; return "Failed to get user list." },
                  true_msg  => sub { my %p = @_; return "Got user list." },
              },
              . . .

  29. NT Admin Walkthru • Methods role attribute

          $self->{'roles'} = {
              super_acct => 3,
              acct       => 2,
              ops        => 1,
              all        => 0,
          };

  30. NT Admin Walkthru • Core subroutine

          use Win32::AdminMisc;

          # generate list of users
          sub get_user_list {
              my $self   = shift;
              my %params = @_;
              my (@users);
              # An empty prefix ('') returns every account on the server.
              Win32::AdminMisc::GetUsers($params{'server'}, '', \@users);
              return \@users;
          }

  31. NT Admin Walkthru • Create Account

  32. NT Admin Walkthru • Create Account

  33. NT Admin Walkthru • Create Account

          # Queue two requests and send them together.
          $client->build_request(
              method => 'create_user',
              server => '',
              user   => $param{'user'},
              type   => 'user',
              abort  => 1,
          );
          $client->build_request(
              method => 'set_user_pwd',
              server => '',
              user   => $param{'user'},
              pwd    => 'tmp_pass',
          );
          $ok   = $client->send_receive();
          @msgs = $client->get_msgs();
          return ($ok, \@msgs);

  34. NT Admin Walkthru • Create Account

  35. NT Admin Walkthru • Main Menu

  36. NT Admin Walkthru • Change Account

  37. NT Admin Walkthru • Get Account Info

          # Queue three requests; results come back indexed in the same order.
          $client->build_request(
              method => 'get_user_attrs',
              server => $params{'server'},
              user   => $params{'user'},
          );
          $client->build_request(
              method => 'get_user_global_groups',
              server => $params{'server'},
              user   => $params{'user'},
          );
          $client->build_request(
              method => 'get_global_groups',
              server => $params{'server'},
          );
          $ok        = $client->send_receive();
          @msgs      = $client->get_msgs();
          %attrs     = $client->get_result(0);
          @user_grps = $client->get_result(1);
          @grps      = $client->get_result(2);
          return ($ok, \@msgs, \%attrs, \@user_grps, \@grps);

  38. NT Admin Walkthru • Account Info

  39. NT Admin Walkthru • Back end logging

  40. Project Results • Our security policies enforced • NT becomes part of larger IT infrastructure • IT staff supports NT with minimal training • Change effectively managed (Win2K) • Innovation modulated by our business realities

  41. NT Admin Futures • Replace inetd with Perl fork • Recode admin methods to support LDAP/Active Directory • Spend more time on web client interface
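
The role-gated dispatch that slides 27 to 30 outline (host allow-list, method table, role levels), as an added example that is not the presenters' K_Server code. The `dispatch` routine, the stand-in method bodies, the sample requests and the rule that a higher role number grants more access are assumptions; the caller's role is taken to come from the directory lookup after authentication, never from the request itself.

```perl
use strict; use warnings;

# Role levels from slide 29; assumed here: a higher number means more privilege.
my %roles = (super_acct => 3, acct => 2, ops => 1, all => 0);
# Hosts allowed to submit requests, as in ok_hosts on slide 27.
my %ok_hosts = ('www.jeff.edu' => 1, 'pdc.jeff.edu' => 1);

# Method table shaped like slide 28; bodies are stand-ins returning constructed data.
my %methods = (
    get_user_list => {
        method    => sub { return ['Administrator', 'Guest', 'jdoe'] },
        params    => ['server'],
        role      => $roles{ops},
        false_msg => sub { return 'Failed to get user list.' },
        true_msg  => sub { return 'Got user list.' },
    },
    create_user => {
        method    => sub { my %p = @_; return [$p{user}] },
        params    => ['server', 'user'],
        role      => $roles{acct},
        false_msg => sub { my %p = @_; return "Failed to create $p{user}." },
        true_msg  => sub { my %p = @_; return "Created $p{user}." },
    },
);

# Hypothetical dispatcher: deny by default, and run the method only after the
# host, method name, required parameters and caller role have all been checked.
sub dispatch {
    my ($host, $caller_role, $name, %p) = @_;
    return (0, 'Host not allowed.') unless $ok_hosts{$host};
    my $m = $methods{$name} or return (0, 'Unknown method.');
    for my $want (@{ $m->{params} }) {
        return (0, "Missing parameter '$want'.") unless defined $p{$want};
    }
    my $level = $roles{$caller_role};    # undef for an unknown role
    return (0, 'Role not authorized.') unless defined $level && $level >= $m->{role};
    my $result = eval { $m->{method}->(%p) };    # a die counts as failure
    return $result ? (1, $m->{true_msg}->(%p), $result)
                   : (0, $m->{false_msg}->(%p));
}

# Constructed requests: an ops caller may list users but not create accounts.
for my $req (
    ['www.jeff.edu',        'ops',        'get_user_list', server => ''],
    ['www.jeff.edu',        'ops',        'create_user',   server => '', user => 'jdoe'],
    ['unknown.example.org', 'super_acct', 'get_user_list', server => '']) {
    my ($ok, $msg) = dispatch(@$req);
    print "$req->[2] as $req->[1] from $req->[0]: ", ($ok ? 'OK' : 'DENIED'), " ($msg)\n";
}
```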
