210 likes | 218 Views
This report details the structure and implementation of the Waterloo Nexus Active Directory environment, emphasizing distributed administration across faculties. It covers server statistics, documentation goals, synchronization features, and future outlook. The Nexus system supports Macintosh and Linux authentication, with customization enabling multi-tiered administration. The report also discusses the use of a firewall for student labs, software packaging strategies, and enhancements to the logon browser interface for improved user experience.
E N D
WNAG: Advisory Report Presented to: UCIST By: Stephen Nickerson February 3, 2006
Waterloo Nexus Advisory Group • Waterloo Nexus Advisory Group (WNAG) consists of members from: • Applied Health Sciences (AHS) • Arts • Engineering • Environmental Studies (ES) • Information Systems and Technology (IST) • Math • Science
Waterloo Nexus Advisory Group • The Nexus Active Directory Environment consists of: • industry standard implementations and practices • some customized configuration • some tools developed in-house
Waterloo Nexus Advisory Group • Nexus supports distributed administration • There are four domain administrator accounts • Two in the Faculty of Engineering • The other two are distributed among the other faculties • This provides opportunity for all to participate at the domain administrator level
Waterloo Nexus Advisory Group • Distributed Administration – Cont’d • Faculties/Departments all have Organizational Unit (OU) level Administration • Each Faculty/Department has full administrative control over their OU
Waterloo Nexus Advisory Group • Nexus was created as a secure environment • Nexus continues to expand both as a teaching environment and in office and research environments • Nexus has adapted to support Macintosh and Linux authentication
Waterloo Nexus Advisory Group • There are approximately 3425 Nexus servers and workstations (31 Jan. 2006) • 7 Servers • 3418 Workstations • AHS 361 • Arts 447 • Engineering 1722 • ES 247 • IST 91 • Math 246 • Science 304
Waterloo Nexus Advisory Group • Active Directory (AD) was designed for top-down administration • The Nexus AD was designed for multi-tiered administration • Customization of the Nexus AD enables distributed administration at the faculty/department OU level
Waterloo Nexus Advisory Group • Six Domain Controllers (DCs) are distributed across campus • Provides redundancy and increases the robustness of the environment
Waterloo Nexus Advisory Group • Each ‘home’ faculty provides disk space for their student accounts • additional disk space may be required by a student taking a course, and provided by the ‘teaching’ faculty
Waterloo Nexus Advisory Group • The WNAG mailing list provides a forum for questions, suggestions and comments • Direct access to peers • Feedback is prompt • Issues are addressed quickly
Waterloo Nexus Advisory Group • documentation subcommittee goals • Improve existing documentation • Create additional documentation • Assist new administrators • Use Nexus TWiki • Allows for collaboration on documentation
Waterloo Nexus Advisory Group • Nexus was designed: • to present users and administrators with a flexible, secure environment • for ease of management through automation • e.g. accounts are automatically created based on Registrar data
Waterloo Nexus Advisory Group • Nexus determines faculty- and user-specific values at login • these values are used by user-applications • Examples: • Setting appropriate servers for e-mail clients • Faculty and department variables for other uses
Waterloo Nexus Advisory Group • Started the convention of placing lab machines under an OU called “public access” • Helps with data mining • Compare and contrast what goes on in public labs and office machines • Makes it easier to determine how many public and private machines are in the Nexus environment
Waterloo Nexus Advisory Group • Nexus provides synchronization of UNIX and Nexus passwords • Added support for –userid • Allows for logging in without the user’s roaming profile • Professors/Instructors have found this beneficial when using podium machines
Waterloo Nexus Advisory Group • NIPFW (firewall for student labs) • Based on the sourceforge project WIPFW • This is a MS Windows port of the FreeBSD package IPFW1 • Provides logging • Automatically gathers statistics • Has a command line interface • A very robust firewall • Rule definition format is comprehensive and well defined • Currently being tested in Arts and Science
Waterloo Nexus Advisory Group • Software packaging • Engineering Computing packages the common applications software - used by many faculties/departments • Each faculty/department package software for their specific needs, as required.
Waterloo Nexus Advisory Group • The logon browser is Nexus specific • A concept brought forward from Polaris • New look logon page - Spring 2005 • closer to the UW “Common Look and Feel” • customizable image and text areas • The customizations can be done in an OU specific manner • Setting URLs in the AD entry • Allows faculties/departments to display important messages for their users
Waterloo Nexus Advisory Group • Looking to the future • Nexus will continue to evolve with Active Directory and other technologies • Continued growth • Main Campus • Student labs (e.g. Science is planning a new lab) • Office and research environments • Beyond the Main Campus • School of Architecture (Cambridge) • School of Pharmacy (Kitchener)