GRNET Service Box
Yannis Mitsos, George Thanos, Faidon Liambotis
TF-MSP meeting, Amsterdam, February 4th 2009

Introduction
• 1U server (Dell PowerEdge 1x50) that is delivered free of charge to the Greek academic institutes,
• Provides a set of pre-installed services that suit the needs of most academic institutes,
• Mass-management and local administrator support provided by GRNET's NOC,
• Based on the GNU/Linux ecosystem, specifically Debian,
• Currently deployed in over 20 institutions over the course of 4 years.

Service portfolio
• Directory & AAI services
  • LDAP, currently based on Sun DS 5.x.
  • Shibboleth IdP 1.3
  • Shibboleth demo SP
  • RADIUS server with LDAP backend.
• VPN service (OpenVPN).
• VoIP Services
  • H.323 GK based on GnuGK.
  • H.323 to SIP gateway using Asterisk.
  • SIP Registrar/Proxy using OpenSER.
• Plus various network debugging tools (e.g. multicast beacon, iperf)

User Interface (UI)
• Web-based configuration interface for local administrators,
• Administrators can easily configure each service's parameters in a matter of minutes,
• Highly abstracted, not specific to the underlying software, to ease upgrade paths,
• Superuser SSH access provided to the local admins only if needed; currently only a small minority have asked for that,
• Custom-made, written in Perl and using XML as the data store format,
• Very limited but has worked well so far,
• Accompanied by a different LDAP user management web tool.

The rationale
• Many institutional NOCs have neither the required technical expertise nor the necessary manpower to deploy novel networking services,
• Many academic institutes are rather small, with an analogously limited NOC in terms of human resources (it can even be a one-man show),
• Helps solve chicken-and-egg issues, e.g. with federated services such as Shibboleth.

Gains
• We got a better picture of the institutions' needs.
• Newly-provided services reached our users in a matter of days instead of months.
• Major infrastructure/protocol updates are being handled more easily and uniformly:
  • Shibboleth 1.2 → 1.3, 1.3 → 2.0 (TBD)
  • H.323 → SIP migration (in progress)
• Helps our goal of building a user community of administrators.

Project Challenges
• Marketing to the institutes has been the greatest challenge:
  • Many feel that it crosses a line for the NREN's job.
  • It has been mostly easy to convince them to get one (it's free!); it's more difficult to make them use its full potential.
• VoIP: interoperability with proprietary PBXes (most of them not supporting VoIP)
• LDAP
  • Proprietary student management systems that don't do LDAP,
  • ...or totally absent user/student management.
• New services should be deployed quickly and mostly effortlessly.
• The UI has to be simple and straightforward but at the same time provide a way to configure advanced settings.

Next steps
• Enhance (or rebuild) the administration interface:
  • Less clutter by presenting an integrated picture (LDAP, Shibboleth, RADIUS),
  • Provide an “advanced mode” that allows more fine-grained settings for some services.
  • Localization support,
• Provide more services, esp. federated ones:
  • eduRoam?
  • Antispam applications?
• Use virtualization to provide “virtual boxes” on an even greater scale.

Open topics
• Should we offer more services on the box?
  • If so, which ones?
  • Does it make sense to provide common services such as DNS & e-mail?
• Are other NRENs eager to deploy a similar concept?
  • Can it be an inter-NREN collaboration project?
  • Build a community around it?