WIN.MIT.EDU MIT Enterprise Windows Services


Transcripts
Slide 1

WIN.MIT.EDU MIT Enterprise Windows Services IS&T Network & Infrastructure Services Team

Slide 2

WIN.MIT.EDU: MIT’s Central Windows Domain. Audience, Description, Case Studies, Architecture, Features/Benefits, Sub-services, Security, Support. Presented at ITPartners by Richard Edelson

Slide 3

Audience
Academic Departments: Classrooms, Clusters, Labs, Staff, Servers; Application, File and Print Services, Database, Web
Research Departments: Labs, Staff, Servers; Application, File and Print Services, Database, Web
Administrative Departments: Staff, Servers; Application, File and Print Services, Database, Web

Slide 4

Description. win.mit.edu provides a partially managed Windows environment for the MIT campus. It is integrated with MIT's Kerberos realm, Moira database and MIT's standard DNS namespace. Users log on with single sign-on to many MIT resources. Departments can seamlessly share resources across the Institute with other faculty, staff and students. Departments are given control of their environments to customize in many ways while using the added value IS&T has built into the platform. Departments no longer need to provision and manage user accounts, handle patch management or manage operating system licensing. Over the past year the domain has been used by more than 60 departments and 10,000 users. These include faculty, staff, and students in academic, administrative and research departments.

Slide 5

Case Studies: Academic Departments
Department of Urban Studies and Planning: Cluster/Classroom environments; Desktop Environment for Faculty and Staff; File Servers
Chemical Engineering: Specialized cluster/lab environment with customized applications
Teal Classrooms: Classroom/Cluster environment
IS&T Academic Computing: Classroom/Cluster environment; High performance computing environment including AutoCAD, ArcView GIS, Mathematica, MatLab, Adobe applications and more

Slide 6

Case Studies: Research Departments
Bionet: Biology, Bio Engineering and more. 54 labs in 18 DLCs using shared high-performance storage on NetApp file appliances joined to the win.mit.edu Active Directory. High-performance storage is needed for the generation of genome research computational data. Desktop and Lab PC/Instrument environments. Windows File and Print Servers. Some workstation environments are behind a firewall on a private subnet. Users make use of DFS home directories for personal space.
CMSE-SEF – Electron Microscope Lab: Desktop and Lab PC/Instrument environments. Windows File and Print Servers. Secure Web site using IIS for external data sharing.

Slide 7

Case Studies: Administrative Departments
Controller's Accounting Office: Desktop, Windows File and Print Server Environments, Secure SAP check printing
Human Resources: Desktop, Windows File and Print Server Environments, Kiosk Workstations
Office of Sponsored Programs: Desktop, Windows File and Print Server Environments
Campus Police: Desktop, Windows File and Print Server Environments, IPSec
Card Office: Desktop, Windows File and Print Server Environments, Access Management via Citrix
Parking Office: Desktop, Windows File and Print Server Environments, Application Servers for Parking Gate Management
Resource Development: Desktop, File and Print Server Environments, Specialized Database Application Environment via Citrix
Student Financial Services: Desktop, Windows File and Print Server Environments, Financial Aid Database Server with IPSec

Slide 8

Architecture: Active Directory
Cross-Realm Trust of the MIT Kerberos Realm by WIN.MIT.EDU allows single sign-on to many resources.
Delegated User Management: MIT Kerberos accounts – departments control resources by managing group membership and ACLs.
Single Domain/Forest Model, in use by large universities, corporations and ISPs.
Delegation of Containers (OUs) – “Islands of Control”. Departmental container administrators have many tools to build their workstation and server environments. Each department builds and customizes its own environment. Container administrators control machines and access to their resources rather than the users directly.
Group Policy: Software distribution, Security, Registry, and other feature settings can be assigned on a container basis. ACLs via Moira groups. Custom group policy settings written by IS&T.
Standard MIT DNS Services: win.mit.edu uses MIT’s UNIX-based DNS services instead of Microsoft’s.
LDAP Directory populated by data from: Moira – User, Group, and Container data; Populator – Moira host to container mapping, Data Warehouse, spn

Slide 9

WIN.MIT.EDU Architecture (diagram). Components shown: Moira, Populator, MIT Kerberos KDCs, WIN.MIT.EDU DCs, MITnet DNS, Data Warehouse, DFS Storage. Connection labels: Query, Data Feed.

Slide 10

Architecture: Moira Data Feed – “Incremental”
The Moira incremental update is used to keep the WIN.MIT.EDU domain synchronized to the Moira database. The Moira incremental will create and maintain the following in Active Directory: User accounts (MIT Kerberos IDs – principals) and profile options; Account status changes, such as activation/deactivation; Lists and Groups with their memberships; Container Hierarchy.
The Moira incremental is a UNIX executable image that resides on the Moira server and runs continuously. This application uses Kerberos V5 authentication to establish an LDAP connection with the Windows domain to perform the updates. It has been completely integrated into Moira operations. When relevant changes to users, groups and containers are made in Moira, the incremental is triggered and the change is propagated to Active Directory.
The Moira incremental will distinguish lists and groups when propagating them in Active Directory: Lists = Distribution groups; Groups = Security groups.
Do not write directly to AD to create Domain groups or security descriptors. The data may be overwritten. Make these changes in Moira. Local groups can be managed directly through Windows.

Slide 11

Architecture: User Experience
Single Sign-on: User Accounts via the Moira incremental. A corresponding user is created in Active Directory and automatically mapped to the MIT Kerberos principal. Profile and Home directory options are written to the user's account information along with Office location, phone and email. A random 127 character password is generated and stored in the user properties in Active Directory so the password does not need to be propagated. Cross-Realm authentication will check the user's password directly from the MIT Kerberos KDCs. A Windows Service exists to refresh the random passwords on a regular schedule. A web form sets the user's Windows password to a known value for use with special applications where required.
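The account-creation step described on this slide, sketched as an added example (not code from the presentation or from Moira). It assumes the mapping to the Kerberos principal uses Active Directory's standard altSecurityIdentities attribute; the realm name, the username rule and the function names are placeholders chosen for illustration.

```python
import re
import secrets
import string

KRB_REALM = "EXAMPLE.REALM"   # assumption: placeholder realm, not from the page
PASSWORD_LENGTH = 127         # length stated on the slide

# Character classes used to satisfy AD password-complexity rules.
_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, "!#$%&()*+,-./:;<=>?@[]^_{|}~")


def random_password(length=PASSWORD_LENGTH):
    """Return a CSPRNG-generated password containing every character class."""
    alphabet = "".join(_CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in _CLASSES):
            return candidate


def encode_unicode_pwd(password):
    """Encode a password for AD's unicodePwd attribute:
    wrapped in double quotes, then UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")


def shadow_account_attrs(username):
    """Build LDAP attributes for an AD user that shadows a Kerberos principal.

    The password is random and never given to the user; logon is verified
    by the trusted realm's KDC through the cross-realm trust.
    """
    # Hypothetical username rule; rejecting other characters keeps LDAP
    # metacharacters out of the DN and of the mapping string.
    if not re.fullmatch(r"[a-z0-9_]{1,20}", username):
        raise ValueError(f"unexpected username: {username!r}")
    return {
        "sAMAccountName": username,
        # Name mapping: lets principal@REALM log on as this AD user.
        "altSecurityIdentities": f"Kerberos:{username}@{KRB_REALM}",
        "unicodePwd": encode_unicode_pwd(random_password()),
    }
```

Refreshing the random password amounts to writing a new `unicodePwd` value produced the same way; nothing has to be sent to the user or to the Kerberos realm.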

Slide 12

DFS: User Profiles/Home directory
Default is a roaming profile in DFS. Configurable through web form. .winprofile is created in the user's DFS homedir. Copied to local drive at logon. NTFS user quotas.
H: is mapped to the user's DFS home directory. 2 GB user quota by default. Previous Versions support. Accessed over the network as needed. Used for folder redirection of Windows homedir.
WinData directory is created in DFS for user data: My Documents, Application Data, Favorites.
Quickstation utility for public machines.

Slide 13

DFS: Previous Versions
Uses VSS: Windows Server 2003 Shadow Copy services for user Home directories. Point-in-time copies of files. View, Copy or Restore files and folders as they existed at points of time in the past. Recover files that were accidentally deleted or overwritten. Compare versions of a file while working. Self-service file restore capability for the end user. Snapshots are made at 4 AM each day. Versions of up to 64 days are available. Shadow copies are read-only. You can't edit the contents of a shadow copy.

Slide 14

Sub-services
Citrix: Hosted Business applications http://citrix.mit.edu/citrix/about.html Citrix Staging
MIT WAUS: MIT Windows Automatic Update Services. Site for MIT approved Windows Updates, load balanced via Big IP http://web.mit.edu/ist/points/windows/overhauls/
Contract Administrative Services through IS&T’s DITR Team: WIN.MIT.EDU Group Policy and Container Management; Desktop Management and Support; Server Management and Support
Server Collocation Services in W91

Slide 15

Features/Benefits: Container Management, Delegation of Account Management, Container Wide Job Scheduling, Web forms, Group Policy, Storage, Printing, Laptops, Network Boot Installation Services

Slide 16

Container Management
Containers (OUs) – “Islands of Control”. Departments can administer their workstations and servers independently, almost as if they were running a separate domain. Seamless ability to share resources with other departments. Departments control machines and access to their resources rather than the users directly. Domain Administrators can be removed from the Administrators group on all workstations and servers. Container Administrators have the ability to override default domain group policy settings. Containers have ACLs in Moira defining who may manage them, and auto-creation of groups to set ACLs on machine accounts within their containers.

Slide 17

Delegation of Account Management benefits
MIT Kerberos accounts – departments control resources by managing group membership and ACLs. All students and staff have Kerberos IDs. Delegation of password management. Save time and money. Web forms for many user tasks. Easy to use, self-service. Departments only need to manage their groups. Save time and money. Seamless ability to share resources with other departments.

Slide 18

Container Wide Job Scheduling - SelfMaint. A container-based scheduling service called SelfMaint is provided in addition to the Windows Task Scheduler service. Runs under the SYS
