
GRNET Service Box

GRNET Service Box. Yannis Mitsos, George Thanos, Faidon Liambotis. TF-MSP meeting, Amsterdam, February 4th 2009. Introduction. 1U server (Dell PowerEdge 1x50) that is delivered free of charge to the Greek academic institutes,


Presentation Transcript


  1. GRNET Service Box. Yannis Mitsos, George Thanos, Faidon Liambotis. TF-MSP meeting, Amsterdam, February 4th 2009

  2. Introduction
     • 1U server (Dell PowerEdge 1x50) that is delivered free of charge to the Greek academic institutes,
     • Provides a set of pre-installed services that suits the needs of most academic institutes,
     • Mass-management and local administrator support provided by GRNET's NOC,
     • Based on the GNU/Linux ecosystem, specifically Debian,
     • Currently deployed in over 20 institutions over the course of 4 years.

  3. Service portfolio
     • Directory & AAI services
        • LDAP, currently based on Sun DS 5.x.
        • Shibboleth IdP 1.3
        • Shibboleth demo SP
        • RADIUS server with LDAP backend.
     • VPN service (OpenVPN).
     • VoIP Services
        • H.323 GK based on GnuGK.
        • H.323 to SIP gateway using Asterisk.
        • SIP Registrar/Proxy using OpenSER.
     • Plus various network debugging tools (e.g. multicast beacon, iperf)

  4. User Interface (UI)
     • Web-based configuration interface for local administrators,
     • Administrators can easily configure each service's parameters in a matter of minutes,
     • Highly abstracted, not specific to the underlying software, to ease upgrade paths,
     • Superuser SSH access provided to the local admins only if needed; currently only a small minority have asked for that,
     • Custom-made, written in Perl and using XML as the data store format,
     • Very limited but has worked well so far,
     • Accompanied by a different LDAP user management web tool.

  5. … a few screenshots

  6. Managing SUN Directory Service 5.X

  7. The rationale
     • Many institutional NOCs do not have the required technical expertise or the necessary manpower to deploy novel networking services,
     • Many academic institutes are rather small, with an analogously limited NOC in terms of human resources (it can even be a one-man show),
     • Helps solve chicken-and-egg issues, e.g. with federated services such as Shibboleth.

  8. Gains
     • We got a better picture of the institutions' needs.
     • Newly-provided services reached our users in a matter of days instead of months.
     • Major infrastructure/protocol updates are being handled more easily and uniformly:
        • Shibboleth 1.2 → 1.3, 1.3 → 2.0 (TBD)
        • H.323 → SIP migration (in progress)
     • Helps our goal of building a user community of administrators.

  9. Project Challenges
     • Marketing to the institutes has been the greatest challenge:
        • Many feel that it crosses a line for the NREN's job.
        • It has been mostly easy to convince them to get one (it's free!); it's more difficult to make them use its full potential.
     • VoIP: interoperability with proprietary (most of them not supporting VoIP) PBXes
     • LDAP
        • Proprietary student management systems that don't do LDAP,
        • ...or totally absent user/student management.
     • New services should be deployed quickly and mostly effortlessly.
     • The UI has to be simple and straightforward but at the same time provide a way to configure advanced settings.

  10. Next steps
     • Enhance (or rebuild) the administration interface:
        • Less clutter by presenting an integrated picture (LDAP, Shibboleth, RADIUS),
        • Provide an “advanced mode” that allows more fine-grained settings for some services.
        • Localization support,
     • Provide more services, esp. federated ones:
        • eduRoam?
        • Antispam applications?
     • Use virtualization to provide “virtual boxes” on an even greater scale.

  11. Open topics
     • Should we offer more services on the box?
     • If so, which ones?
     • Does it make sense to provide common services such as DNS & e-mail?
     • Are other NRENs eager to deploy a similar concept?
     • Can it be an inter-NREN collaboration project?
     • Build a community around it?

  12. GRNET Service Box. Yannis Mitsos, George Thanos, Faidon Liambotis. TF-MSP meeting, Amsterdam, February 4th 2009
