420 likes | 765 Views
IT Services Organization Chart. Computing Services. Authentication: SUNet IDs. S tanford U niversity Net work ID entifier 3-8 character identifier Permanent – cradle to grave – but aliases allowed! Not private and not anonymous Your “golden key” to online services
E N D
Computing Services Authentication: SUNet IDs • Stanford University Network IDentifier • 3-8 character identifier • Permanent – cradle to grave – but aliases allowed! • Not private and not anonymous • Your “golden key” to online services • Password – change every 180 days • http://sunetid.stanford.edu
Computing Services Authentication: Workgroup Manager • Workgroup Manager • Web application • Defines groups of community members for use on restricted web pages or applications • Workgroups are: • Lists of members in a group • Identified by their SUNet IDs • Given a name that uniquely identifies them. • Replicated into the Active Directory (AD) – more on AD later! A workgroup may also contain subgroups! • http://mais.stanford.edu/applications/workgroup/
Computing Services Authentication: Types of Workgroups • 3 types of workgroups: • System-maintained workgroups: stanford:student (students) stanford:academic (faculty and students) stanford:faculty (faculty) stanford:administrative (staff and faculty) stanford:staff (staff) stanford:stanford (students, faculty, and staff) • Department workgroups (often identified by the department’s assigned stem) organization:businessaffairs_its gsb:affiliates helpdesk:consultants • Individual workgroups (identified by the owner’s SUNet ID preceded by a tilde ~) ~jdoe:book_exchange ~instr:friends ~santa:naughty_children • Using workgroups (with Webauth, for example) in a .htaccess file: AuthType WebAuth AuthType WebAuth AuthType WebAuth require privgroup stanford:staff require privgroup its:directors require privgroup ~instr:friends
Computing Services Authentication: Kerberos • Kerberos: • A network authentication system for use on physically insecure networks. • The heart of Stanford’s campus-wide network security infrastructure. • Prevents eavesdropping or replay attacks. • Provides for data stream integrity (detection of modification) • Prevents unauthorized reading of data using cryptography systems such as the Data Encryption Standard. • Is the official method for authentication at Stanford(see Admin Guide 64)
Computing Services Authentication: Establishing Kerberos Credentials • Windows: • Network Identity Manager (NIM) • Stanford Desktop Tools • http://www.stanford.edu/services/ess/pc/docs/kerberos/ • Macs: • Kerberos for Macintosh (runs in the background) • Stanford Desktop Tools • http://www.stanford.edu/services/ess/mac/docs/kerberos/ • Unix: • kinit • http://unixdocs.stanford.edu/loggingin.html • How does it work? • User runs NIM (Windows) or Stanford Desktop Tools (Windows/Mac) or kinit • User logs in with valid SUNet ID and corresponding password • Kerberos credentials are established!
Computing Services Authentication: Web Authentication (WebAuth) • Open-source web-based system for authenticating users (developed here!) • Protects web sites on the main Stanford web servers • Can be used with other Apache-based web servers • How does it work? • User visits a protected website • Login screen appears and user enters SUNet ID and password • User’s identity and Kerberos ticket carried in a cookie • https://weblogin.stanford.edu/help.html • http://webauth.stanford.edu
Computing Services Authentication: Web Login (WebAuth continued) • 2 keys are given to you when you log in: • a key to the specific web site or service you visited, • and a "master" key that opens other protected web sites. • The keys last until you quit your browser program, or until they expire – up to 10 hours later. • Be sure you have "turned in your keys" by quitting your browser before you leave your computer. • Otherwise other people can access websites as though they are you! • Note: • Using a protocol called SPNEGO, supported browsers can access protected web sites using Kerberos credentials obtained from your computer login instead of using the WebLogin screen. • For details, go to https://weblogin.stanford.edu/config.html
Computing Services Authentication: Shibboleth http://www.stanford.edu/services/shibboleth/ • Lets you access secured non-Stanford sites (only those who have joined a common federation) using your SUNet ID. • Lets Stanford web servers authenticate users from those non-Stanford institutions using their local authentication credentials. • Example: COManage – Internet2 Project • Still in development… • COManage is the Collaborative Organization Management Platform developed by the Internet2 Middleware Initiative. It is intended as a demonstration of the capabilities offered by tying together federated identity management (Shibboleth), groups management (Grouper), and (coming soon) privilege management into a cohesive support infrastructure for a variety of collaborative applications. • http://middleware.internet2.edu/co/ • http://comanage-dev.stanford.edu/
Computing Services Authentication: Guest Accounts • Based on email address • Uses Shibboleth as authentication • A Stanford Guest Account allows you to view specific Stanford web pages that normally require Stanford-Affiliated SUNet identification. A Guest Account might allow you to view and interact with web-authenticated department, individual, and group pages. The owner of the restricted pages can allow you to access them via your Guest Account. • Note: A Guest Account cannot be used to access any restricted data including HIPAA, FERPA, or PCI-regulated data. • http://www.stanford.edu/service/guest/ page 10
Computing Services Distributed File Systems – AFS (Andrew File System) • Stanford’s campus-wide file system • Allows users to efficiently share files across local and wide area networks • System is backed up nightly • University’s main web site and linked files hosted on AFS • http://www.stanford.edu/services/afs/
Computing Services Distributed File Systems – AFS disk space quota • 1 GB of disk space per users, group, or department • Can be used to store web pages, text files, computer programs, pictures and other digital data • Learn more:http://www.stanford.edu/services/disk-space/ • Request group/dept space or increase quota:http://tools.stanford.edu/
Computing Services Distributed File Systems – OpenAFS • Lets you access AFS space on a desktop computer as a shared drive • http://www.stanford.edu/services/openafs/ Mac Windows
Computing Services Distributed File Systems – Copying Files to AFS • For step-by-step instructions on copying files to AFS, visit http://filetransfer.stanford.edu/ • OpenAFS • SFTP (Fetch/SecureFX) • WebAFS is a new, web-based method to easily copy files to AFS • http://afs.stanford.edu/ • http://www.stanford.edu/services/afs/webafs/userguide/
Computing Services Distributed File Systems – Workgroup Integration • Workgroups can be integrated with AFS, Mailing Lists, and the Active Directory • https://tools.stanford.edu/cgi-bin/workgroup-admin
Computing Services Distributed File Systems • Common Internet File System (CIFS) • CIFS (Common Internet File System) = “file servers” • Also known as “Server Message Block” • Also known as the “Windows File Sharing” • At Stanford, we use the CIFS protocol to provide access to a central file service. • Can be used to share and store files for groups and departments. • Authentication is via Kerberos and NTLM version 2 (Windows NT LAN Manager) • http://www.stanford.edu/services/storage/lowcost/cifs/
Computing Services Backup, System Security, and Anti-Virus • Backing Up: • Desktop/laptops (e.g., Mozy, Iron Mountain (BaRS being deprecated)) • Basically outsourced with a Stanford rate - CRC can help if part of a CRC contract • Servers (e.g., AFS) - Using TSM (looking at disk to disk backup solutions) • System Security: • BigFix – http://www.stanford.edu/services/bigfix/ An OS patch management service which distributes critical security updates to Windows PCs and Macintoshes. • PC Security Self-Help - http://www.stanford.edu/group/security/securecomputing/ • OS Updates • Windows: http://windowsupdate.microsoft.com/ • Apple: http://support.apple.com/ • Linux/Unix • Anti-Virus: Sophos (Stanford site-licensed anti-malware software, providing protection from both viruses and adware/spyware) • http://ess.stanford.edu/pc/sophos.html • http://ess.stanford.edu/mac/sophos.html
Computing Services Business Applications Support Support for ITS internal business apps and campus-wide enabling applications • Pinnacle (Billing), OrderIT, MyITServices • General Enterprise/IT Support Systems • Remedy/HelpSU - tickets; reporting • CMDB (Configuration Management DataBase) – at Stanford, we use BMC Remedy • Calendaring • Zimbra information: http://www.stanford.edu/services/emailcalendar/ • Docushare • A content and document management system • http://docushare.stanford.edu • Infra • Change Management system used to create, approve, schedule, and provide notification of change requests related to IT systems hardware and software • http://changemanagement.stanford.edu • Stanford Answers (also Client Support): http://answers.stanford.edu
Computing Services Business Applications Support (continued) Support for ITS internal business apps and campus-wide enabling applications • ACES (Access Control Enterprise Systems) – Card access to buildings • Lenel • CS Gold • eCommerce – a suite of services that enables Stanford's schools, centers, and departments to establish themselves as merchants, and market and sell products and services on the web. Managed by the Controller’s Office. • SMARTS – monitoring tool to monitor and respond to alerts from networks (phone, switch, data, VOIP, Net-to-Switch/Jack), door security, and environmental systems in the data centers • Unanet – time tracking tool that IT Services uses internally to track staff work time • Jira – tool used to track bugs and other issues in enterprise software used at Stanford
Computing Services Departmental compute servers • Remote access to high-speed, high-power computing resources to support large jobs and provide support for core curriculum and research • Support for departmental or course-specific computing needs. • Specific compute services that don't scale to an enterprise level.
Computing Services Database Services – MySQL • IT Services provides consulting and assistance with databases and database vendors, as well as hosting and support. • MySQL service • Popular open source database management system • With PHP programming language, used to build dynamic, interactive Web sites. • Available for Stanford departments and official University groups and services • https://www.stanford.edu/services/sql/ • http://mysql.stanford.edu
Computing Services Database Services – Microsoft SQL and Oracle • Microsoft SQL • Microsoft’s implementation of SQL • IT Services offers support for departments who have implemented Microsoft SQL • Oracle • IT Services provides consulting and assistance with databases and database vendors, as well as hosting and support. • Note: No Oracle DBAs in-house • For-fee services - supported via Ntirety
Computing Services Directory Services (Registries) • OpenLDAP (Open Lightweight Directory Access Protocol) • http://www.stanford.edu/services/pubsw/package/network/openldap.html • http://www.stanford.edu/services/directory/ • http://www.openldap.org/ • Active Directory • http://windows.stanford.edu/Public/Infrastructure/Services/Directory.html • Whois / StanfordWho • http://stanfordwho.stanford.edu/ • StanfordWhat • http://stanfordwhat.stanford.edu/ • Workgroup Manager • http://workgroup.stanford.edu/ • StanfordYou • http://stanfordyou.stanford.edu/ • Printed Directory (ASSU) • http://assu.stanford.edu/
Computing Services Directory Services (Registries)
Computing Services Technical Facilities (TFAC) • Provides operational management and support for: • IT Services production systems • Infrastructure supporting these systems • Data Centers • Forsythe, Sweet Hall, the 12 ECH (Electronic Communication Hub) facilities, and the Auxiliary Data Center in Livermore, CA) • Responsible for: • Space Planning • Vendor/Customer Coordination • System Hardware Installation • Cabinetry • Low Voltage Cabling and Branch Circuit Distribution • Tracking all equipment in the data centers, IT Services, Administrative Systems, and the CFO’s office (Property Administration)
Computing Services Storage Management • IT Services provides solutions to data storage needs for all levels — individual, departmental, and institution-wide (enterprise). • 1 GB of AFS storage space is provided at no charge • Three additional tiers of fee based storage, each priced per gigabyte for maximum flexibility. • This service provided by block-level, or file-level storage with multiple available protocols (SAN, NAS, iSCSI, CIFS, AFS, etc). • For interconnection, fiber channel and iSCSI is recommended • http://www.stanford.edu/services/storage/
Computing Services Unix/Linux/Windows System Administration • Unix/Linux System Administration • Plan, manage and operate development and production servers in Forsythe Data Center, Sweet Hall, and West ECH, East ECH, and Press ECH. • http://www.stanford.edu/services/unixcomputing/ • Windows System Administration • Addresses the need to move closer to single sign-on • Provides location-independent access to resources, • Provides manageability and security for the Microsoft Windows platform • http://windows.stanford.edu/
Computing Services Web Services – Infrastructure Stuff • ITS web services allow clients control over the collection (database) and presentation (web) of information using various tools. • Virtual Host: • Lets you have a shorter web address (URL – Uniform Resource Locator) • Learn more: http://virtualhosting.stanford.edu/ • Request or update existing: http://tools.stanford.edu/ • Scheduling Service: • Lets you schedule Unix commands to be run at a particular time. • Request or update existing: http://tools.stanford.edu/ • Log Dump Request: • Lets web administrators manage site’s logging information • Using AWStats, can view statistics about activity on their site • Request or update existing: http://tools.stanford.edu/ • Web Searching: • http://search.stanford.edu/ • http://www.stanford.edu/services/websearch/google/ • Web Space: http://www.stanford.edu/services/web/
Computing Services Web Services – Databases • MySQL • Popular, free, open-source relational database management system known for its speed, reliability, and ease of use. • http://www.stanford.edu/services/sql/ • http://mysql.stanford.edu • Request a database: http://tools.stanford.edu/ • Microsoft SQL • Microsoft’s implementation of SQL • IT Services offers support for departments who have implemented Microsoft SQL via Ntirety support (for-fee service)
Computing Services Web Services – Forms and CGI • CGI (Common Gateway Interface): • Lets you run programs on the Web – providing dynamic content, collecting user input, and offering services • Ruby, Python, PHP and Perl languages are supported • http://cgi.stanford.edu/ • Request CGI service: http://tools.stanford.edu/ • Form Builder: • Build, publish, and manage web forms on the Stanford servers • http://formbuilder.stanford.edu • http://www.stanford.edu/services/webforms/
Computing Services Web Services – Content Management Systems (CMS) • Content Management Systems (CMS): • Drupal installation: http://tools.stanford.edu/ • Stanford look and feel templates:http://web.stanford.edu/design/templates/modern/ • SharePoint: http://www.stanford.edu/services/sharepoint/ • Other systems will work, but aren’t necessarily supported. Your mileage may vary! • Note: These products are evolving. Stay tuned for new developments!
Computing Services Web Services – Blogs • Blogs: • MovableType installation: http://software.stanford.edu/ • WordPress installation: http://tools.stanford.edu/ • Drupal installation: http://tools.stanford.edu/ • Stanford look and feel templates:http://web.stanford.edu/design/templates/modern/ • SharePoint: http://www.stanford.edu/services/sharepoint/ • Other systems will work, but aren’t necessarily supported. Your mileage may vary!
Computing Services Web Services – Wikis • Wikis: • MediaWiki installation: http://tools.stanford.edu/ • Drupal installation: http://tools.stanford.edu/ • Stanford look and feel templates:http://web.stanford.edu/design/templates/modern/ • SharePoint: http://www.stanford.edu/services/sharepoint/ • Other systems will work, but aren’t necessarily supported. Your mileage may vary!
Computing Services Web Services – SharePoint • Fee-based service • Offers tools for managing content on the Web • Contains wikis, blogs, discussion forums, event calendars, announcements, task lists, etc. built-in • Workflow tools help manage and automate business processes (approvals/publishing) • http://www.stanford.edu/services/sharepoint/
Computing Services Email at Stanford • Email at Stanford: http://email.stanford.edu/ • Antivirus / SPAM (Sophos PureMessage): http://email.stanford.edu/antispam • Bulk email: Send email to large numbers of Stanford users for official, approved Stanford administrative purposes. • Mailing list services (Mailman): http://mailman.stanford.edu • Secure email: http://secureemail.stanford.edu/ This service is for off-campus secure communication (extra hurdles for data security) • Support for Microsoft Exchange servers • ITS is running a BES server for Blackberry devices
Computing Services Stanford Collaboration Tools (Email/Calendar/IM) • Integrated Email and Calendaring (IEC) web site: http://iec.stanford.edu • Stanford Email and Calendar services web site: http://www.stanford.edu/services/emailcalendar/ • IEC solution • Webmail: http://webmail.stanford.edu/ • Webcal: http://webcal.stanford.edu/ • Desktop tools (Outlook, iCal, Apple Mail, Thunderbird):http://www.stanford.edu/services/emailcalendar/desktop • Email Service Tools: http://tools.stanford.edu • Stanford Instant Messaging • http://im.stanford.edu/ • Centrally-funded instant messaging service provided free-of-charge to the Stanford community, using kerberos, SSL, and the jabber (XMPP) protocols • A safe and secure way to conduct confidential Stanford business online, real-time. (Messages are secure only when sent between Stanford accounts.)