IT Services Organization Chart. Computing Services. Authentication: SUNet IDs. Stanford University Network IDentifier 3-8 character identifier Permanent – cradle to grave – but aliases allowed! Not private and not anonymous Your “golden key” to online services
Computing Services Authentication: SUNet IDs • Stanford University Network IDentifier • 3-8 character identifier • Permanent – cradle to grave – but aliases allowed! • Not private and not anonymous • Your “golden key” to online services • Password – change every 180 days • http://sunetid.stanford.edu
Computing Services Authentication: Workgroup Manager • Workgroup Manager • Web application • Defines groups of community members for use on restricted web pages or applications • Workgroups are: • Lists of members in a group • Identified by their SUNet IDs • Given a name that uniquely identifies them. • Replicated into the Active Directory (AD) – more on AD later! A workgroup may also contain subgroups! • http://mais.stanford.edu/applications/workgroup/
Computing Services Authentication: Types of Workgroups
• 3 types of workgroups:
• System-maintained workgroups:
  stanford:student (students)
  stanford:academic (faculty and students)
  stanford:faculty (faculty)
  stanford:administrative (staff and faculty)
  stanford:staff (staff)
  stanford:stanford (students, faculty, and staff)
• Department workgroups (often identified by the department’s assigned stem):
  organization:businessaffairs_its
  gsb:affiliates
  helpdesk:consultants
• Individual workgroups (identified by the owner’s SUNet ID preceded by a tilde ~):
  ~jdoe:book_exchange
  ~instr:friends
  ~santa:naughty_children
• Using workgroups (with Webauth, for example) in a .htaccess file, three separate examples:
  AuthType WebAuth
  require privgroup stanford:staff

  AuthType WebAuth
  require privgroup its:directors

  AuthType WebAuth
  require privgroup ~instr:friends
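
An added example, not taken from the slides or from Stanford's own tooling: a short Python audit that reads a WebAuth .htaccess file, classifies each `require privgroup` workgroup into the three types described above, and flags rules a site owner should review. The function names, the sample file, and the SUNet ID character set are assumptions; the slides give only the 3-8 character length.

```python
import re

# The six system-maintained workgroups named on the slide.
SYSTEM_GROUPS = {
    "stanford:student", "stanford:academic", "stanford:faculty",
    "stanford:administrative", "stanford:staff", "stanford:stanford",
}
# Assumption: a SUNet ID is 3-8 lowercase letters or digits (the slides give
# only the length), and stems/names use letters, digits, "_" and "-".
INDIVIDUAL = re.compile(r"^~[a-z0-9]{3,8}:[a-z0-9_-]+$")
DEPARTMENT = re.compile(r"^[a-z0-9_-]+:[a-z0-9_-]+$")

# Constructed sample: the three rules from the slide combined in one file.
SAMPLE = """\
AuthType WebAuth
require privgroup stanford:staff
require privgroup its:directors
require privgroup ~instr:friends
"""


def classify(group):
    """Return 'system', 'individual', 'department' or 'invalid'."""
    if group in SYSTEM_GROUPS:
        return "system"
    if INDIVIDUAL.match(group):
        return "individual"
    if DEPARTMENT.match(group):
        return "department"
    return "invalid"


def audit_htaccess(text):
    """List the workgroups an .htaccess file admits and flag rules to review."""
    webauth, groups, findings = False, [], []
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment line
        directive = parts[0].lower()  # Apache directive names are case-insensitive
        if directive == "authtype" and len(parts) == 2:
            webauth = parts[1].lower() == "webauth"
        elif directive == "require" and len(parts) == 3 and parts[1] == "privgroup":
            kind = classify(parts[2])
            groups.append((parts[2], kind))
            if kind == "invalid":
                findings.append("malformed workgroup name: " + parts[2])
            elif parts[2] == "stanford:stanford":
                findings.append("admits all students, faculty, and staff")
    if groups and not webauth:
        findings.append("require privgroup without AuthType WebAuth")
    if webauth and not groups:
        findings.append("AuthType WebAuth with no require privgroup rule")
    return {"webauth": webauth, "groups": groups, "findings": findings}
```
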
Computing Services Authentication: Kerberos • Kerberos: • A network authentication system for use on physically insecure networks. • The heart of Stanford’s campus-wide network security infrastructure. • Prevents eavesdropping or replay attacks. • Provides for data stream integrity (detection of modification) • Prevents unauthorized reading of data using cryptography systems such as the Data Encryption Standard. • Is the official method for authentication at Stanford (see Admin Guide 64)
Computing Services Authentication: Establishing Kerberos Credentials • Windows: • Network Identity Manager (NIM) • Stanford Desktop Tools • http://www.stanford.edu/services/ess/pc/docs/kerberos/ • Macs: • Kerberos for Macintosh (runs in the background) • Stanford Desktop Tools • http://www.stanford.edu/services/ess/mac/docs/kerberos/ • Unix: • kinit • http://unixdocs.stanford.edu/loggingin.html • How does it work? • User runs NIM (Windows) or Stanford Desktop Tools (Windows/Mac) or kinit • User logs in with valid SUNet ID and corresponding password • Kerberos credentials are established!
Computing Services Authentication: Web Authentication (WebAuth) • Open-source web-based system for authenticating users (developed here!) • Protects web sites on the main Stanford web servers • Can be used with other Apache-based web servers • How does it work? • User visits a protected website • Login screen appears and user enters SUNet ID and password • User’s identity and Kerberos ticket carried in a cookie • https://weblogin.stanford.edu/help.html • http://webauth.stanford.edu
Computing Services Authentication: Web Login (WebAuth continued) • 2 keys are given to you when you log in: • a key to the specific web site or service you visited, • and a "master" key that opens other protected web sites. • The keys last until you quit your browser program, or until they expire – up to 10 hours later. • Be sure you have "turned in your keys" by quitting your browser before you leave your computer. • Otherwise other people can access websites as though they are you! • Note: • Using a protocol called SPNEGO, supported browsers can access protected web sites using Kerberos credentials obtained from your computer login instead of using the WebLogin screen. • For details, go to https://weblogin.stanford.edu/config.html
Computing Services Authentication: Shibboleth http://www.stanford.edu/services/shibboleth/ • Lets you access secured non-Stanford sites (only those who have joined a common federation) using your SUNet ID. • Lets Stanford web servers authenticate users from those non-Stanford institutions using their local authentication credentials. • Example: COManage – Internet2 Project • Still in development… • COManage is the Collaborative Organization Management Platform developed by the Internet2 Middleware Initiative. It is intended as a demonstration of the capabilities offered by tying together federated identity management (Shibboleth), groups management (Grouper), and (coming soon) privilege management into a cohesive support infrastructure for a variety of collaborative applications. • http://middleware.internet2.edu/co/ • http://comanage-dev.stanford.edu/
Computing Services Authentication: Guest Accounts • Based on email address • Uses Shibboleth as authentication • A Stanford Guest Account allows you to view specific Stanford web pages that normally require Stanford-Affiliated SUNet identification. A Guest Account might allow you to view and interact with web-authenticated department, individual, and group pages. The owner of the restricted pages can allow you to access them via your Guest Account. • Note: A Guest Account cannot be used to access any restricted data including HIPAA, FERPA, or PCI-regulated data. • http://www.stanford.edu/service/guest/
Computing Services Distributed File Systems – AFS (Andrew File System) • Stanford’s campus-wide file system • Allows users to efficiently share files across local and wide area networks • System is backed up nightly • University’s main web site and linked files hosted on AFS • http://www.stanford.edu/services/afs/
Computing Services Distributed File Systems – AFS disk space quota • 1 GB of disk space per user, group, or department • Can be used to store web pages, text files, computer programs, pictures and other digital data • Learn more: http://www.stanford.edu/services/disk-space/ • Request group/dept space or increase quota: http://tools.stanford.edu/
Computing Services Distributed File Systems – OpenAFS • Lets you access AFS space on a desktop computer as a shared drive • http://www.stanford.edu/services/openafs/ [Figures: Mac, Windows]
Computing Services Distributed File Systems – Copying Files to AFS • For step-by-step instructions on copying files to AFS, visit http://filetransfer.stanford.edu/ • OpenAFS • SFTP (Fetch/SecureFX) • WebAFS is a new, web-based method to easily copy files to AFS • http://afs.stanford.edu/ • http://www.stanford.edu/services/afs/webafs/userguide/
Computing Services Distributed File Systems – Workgroup Integration • Workgroups can be integrated with AFS, Mailing Lists, and the Active Directory • https://tools.stanford.edu/cgi-bin/workgroup-admin
Computing Services Distributed File Systems • Common Internet File System (CIFS) • CIFS (Common Internet File System) = “file servers” • Also known as “Server Message Block” • Also known as “Windows File Sharing” • At Stanford, we use the CIFS protocol to provide access to a central file service. • Can be used to share and store files for groups and departments. • Authentication is via Kerberos and NTLM version 2 (Windows NT LAN Manager) • http://www.stanford.edu/services/storage/lowcost/cifs/
Computing Services Backup, System Security, and Anti-Virus • Backing Up: • Desktop/laptops (e.g., Mozy, Iron Mountain (BaRS being deprecated)) • Basically outsourced with a Stanford rate - CRC can help if part of a CRC contract • Servers (e.g., AFS) - Using TSM (looking at disk to disk backup solutions) • System Security: • BigFix – http://www.stanford.edu/services/bigfix/ An OS patch management service which distributes critical security updates to Windows PCs and Macintoshes. • PC Security Self-Help - http://www.stanford.edu/group/security/securecomputing/ • OS Updates • Windows: http://windowsupdate.microsoft.com/ • Apple: http://support.apple.com/ • Linux/Unix • Anti-Virus: Sophos (Stanford site-licensed anti-malware software, providing protection from both viruses and adware/spyware) • http://ess.stanford.edu/pc/sophos.html • http://ess.stanford.edu/mac/sophos.html
Computing Services Business Applications Support Support for ITS internal business apps and campus-wide enabling applications • Pinnacle (Billing), OrderIT, MyITServices • General Enterprise/IT Support Systems • Remedy/HelpSU - tickets; reporting • CMDB (Configuration Management DataBase) – at Stanford, we use BMC Remedy • Calendaring • Zimbra information: http://www.stanford.edu/services/emailcalendar/ • Docushare • A content and document management system • http://docushare.stanford.edu • Infra • Change Management system used to create, approve, schedule, and provide notification of change requests related to IT systems hardware and software • http://changemanagement.stanford.edu • Stanford Answers (also Client Support): http://answers.stanford.edu
Computing Services Business Applications Support (continued) Support for ITS internal business apps and campus-wide enabling applications • ACES (Access Control Enterprise Systems) – Card access to buildings • Lenel • CS Gold • eCommerce – a suite of services that enables Stanford's schools, centers, and departments to establish themselves as merchants, and market and sell products and services on the web. Managed by the Controller’s Office. • SMARTS – monitoring tool to monitor and respond to alerts from networks (phone, switch, data, VOIP, Net-to-Switch/Jack), door security, and environmental systems in the data centers • Unanet – time tracking tool that IT Services uses internally to track staff work time • Jira – tool used to track bugs and other issues in enterprise software used at Stanford
Computing Services Departmental compute servers • Remote access to high-speed, high-power computing resources to support large jobs and provide support for core curriculum and research • Support for departmental or course-specific computing needs. • Specific compute services that don't scale to an enterprise level.
Computing Services Database Services – MySQL • IT Services provides consulting and assistance with databases and database vendors, as well as hosting and support. • MySQL service • Popular open source database management system • With PHP programming language, used to build dynamic, interactive Web sites. • Available for Stanford departments and official University groups and services • https://www.stanford.edu/services/sql/ • http://mysql.stanford.edu
Computing Services Database Services – Microsoft SQL and Oracle • Microsoft SQL • Microsoft’s implementation of SQL • IT Services offers support for departments who have implemented Microsoft SQL • Oracle • IT Services provides consulting and assistance with databases and database vendors, as well as hosting and support. • Note: No Oracle DBAs in-house • For-fee services - supported via Ntirety
Computing Services Directory Services (Registries) • OpenLDAP (Open Lightweight Directory Access Protocol) • http://www.stanford.edu/services/pubsw/package/network/openldap.html • http://www.stanford.edu/services/directory/ • http://www.openldap.org/ • Active Directory • http://windows.stanford.edu/Public/Infrastructure/Services/Directory.html • Whois / StanfordWho • http://stanfordwho.stanford.edu/ • StanfordWhat • http://stanfordwhat.stanford.edu/ • Workgroup Manager • http://workgroup.stanford.edu/ • StanfordYou • http://stanfordyou.stanford.edu/ • Printed Directory (ASSU) • http://assu.stanford.edu/
Computing Services Technical Facilities (TFAC) • Provides operational management and support for: • IT Services production systems • Infrastructure supporting these systems • Data Centers (Forsythe, Sweet Hall, the 12 ECH (Electronic Communication Hub) facilities, and the Auxiliary Data Center in Livermore, CA) • Responsible for: • Space Planning • Vendor/Customer Coordination • System Hardware Installation • Cabinetry • Low Voltage Cabling and Branch Circuit Distribution • Tracking all equipment in the data centers, IT Services, Administrative Systems, and the CFO’s office (Property Administration)
Computing Services Storage Management • IT Services provides solutions to data storage needs for all levels — individual, departmental, and institution-wide (enterprise). • 1 GB of AFS storage space is provided at no charge • Three additional tiers of fee-based storage, each priced per gigabyte for maximum flexibility. • This service is provided as block-level or file-level storage with multiple available protocols (SAN, NAS, iSCSI, CIFS, AFS, etc.). • For interconnection, Fibre Channel and iSCSI are recommended • http://www.stanford.edu/services/storage/
Computing Services Unix/Linux/Windows System Administration • Unix/Linux System Administration • Plan, manage and operate development and production servers in Forsythe Data Center, Sweet Hall, and West ECH, East ECH, and Press ECH. • http://www.stanford.edu/services/unixcomputing/ • Windows System Administration • Addresses the need to move closer to single sign-on • Provides location-independent access to resources, • Provides manageability and security for the Microsoft Windows platform • http://windows.stanford.edu/
Computing Services Web Services – Infrastructure Stuff • ITS web services allow clients control over the collection (database) and presentation (web) of information using various tools. • Virtual Host: • Lets you have a shorter web address (URL – Uniform Resource Locator) • Learn more: http://virtualhosting.stanford.edu/ • Request or update existing: http://tools.stanford.edu/ • Scheduling Service: • Lets you schedule Unix commands to be run at a particular time. • Request or update existing: http://tools.stanford.edu/ • Log Dump Request: • Lets web administrators manage site’s logging information • Using AWStats, can view statistics about activity on their site • Request or update existing: http://tools.stanford.edu/ • Web Searching: • http://search.stanford.edu/ • http://www.stanford.edu/services/websearch/google/ • Web Space: http://www.stanford.edu/services/web/
Computing Services Web Services – Databases • MySQL • Popular, free, open-source relational database management system known for its speed, reliability, and ease of use. • http://www.stanford.edu/services/sql/ • http://mysql.stanford.edu • Request a database: http://tools.stanford.edu/ • Microsoft SQL • Microsoft’s implementation of SQL • IT Services offers support for departments who have implemented Microsoft SQL via Ntirety support (for-fee service)
Computing Services Web Services – Forms and CGI • CGI (Common Gateway Interface): • Lets you run programs on the Web – providing dynamic content, collecting user input, and offering services • Ruby, Python, PHP and Perl languages are supported • http://cgi.stanford.edu/ • Request CGI service: http://tools.stanford.edu/ • Form Builder: • Build, publish, and manage web forms on the Stanford servers • http://formbuilder.stanford.edu • http://www.stanford.edu/services/webforms/
Computing Services Web Services – Content Management Systems (CMS) • Content Management Systems (CMS): • Drupal installation: http://tools.stanford.edu/ • Stanford look and feel templates: http://web.stanford.edu/design/templates/modern/ • SharePoint: http://www.stanford.edu/services/sharepoint/ • Other systems will work, but aren’t necessarily supported. Your mileage may vary! • Note: These products are evolving. Stay tuned for new developments!
Computing Services Web Services – Blogs • Blogs: • MovableType installation: http://software.stanford.edu/ • WordPress installation: http://tools.stanford.edu/ • Drupal installation: http://tools.stanford.edu/ • Stanford look and feel templates: http://web.stanford.edu/design/templates/modern/ • SharePoint: http://www.stanford.edu/services/sharepoint/ • Other systems will work, but aren’t necessarily supported. Your mileage may vary!
Computing Services Web Services – Wikis • Wikis: • MediaWiki installation: http://tools.stanford.edu/ • Drupal installation: http://tools.stanford.edu/ • Stanford look and feel templates: http://web.stanford.edu/design/templates/modern/ • SharePoint: http://www.stanford.edu/services/sharepoint/ • Other systems will work, but aren’t necessarily supported. Your mileage may vary!
Computing Services Web Services – SharePoint • Fee-based service • Offers tools for managing content on the Web • Contains wikis, blogs, discussion forums, event calendars, announcements, task lists, etc. built-in • Workflow tools help manage and automate business processes (approvals/publishing) • http://www.stanford.edu/services/sharepoint/
Computing Services Email at Stanford • Email at Stanford: http://email.stanford.edu/ • Antivirus / SPAM (Sophos PureMessage): http://email.stanford.edu/antispam • Bulk email: Send email to large numbers of Stanford users for official, approved Stanford administrative purposes. • Mailing list services (Mailman): http://mailman.stanford.edu • Secure email: http://secureemail.stanford.edu/ This service is for off-campus secure communication (extra hurdles for data security) • Support for Microsoft Exchange servers • ITS is running a BES server for Blackberry devices
Computing Services Stanford Collaboration Tools (Email/Calendar/IM) • Integrated Email and Calendaring (IEC) web site: http://iec.stanford.edu • Stanford Email and Calendar services web site: http://www.stanford.edu/services/emailcalendar/ • IEC solution • Webmail: http://webmail.stanford.edu/ • Webcal: http://webcal.stanford.edu/ • Desktop tools (Outlook, iCal, Apple Mail, Thunderbird): http://www.stanford.edu/services/emailcalendar/desktop • Email Service Tools: http://tools.stanford.edu • Stanford Instant Messaging • http://im.stanford.edu/ • Centrally-funded instant messaging service provided free-of-charge to the Stanford community, using the Kerberos, SSL, and Jabber (XMPP) protocols • A safe and secure way to conduct confidential Stanford business online, real-time. (Messages are secure only when sent between Stanford accounts.)