The Computing Infrastructure

Division of Computing and Information Technology

CLEMSONU N I V E R S I T Y

July 30, 1997

Agenda

Background Network Backbone Design & Connectivity Network Resource Access DCIT and Departmental Public Lab Access User Support and Training Summary

Background on Clemson IS Large Systems Background Strong Development Shop Mainframe and Open Systems Expertise Departmental LANs ruled 90’s until Novell Directory

Services (NDS) NDS populated in Summer 1995 (36,000 users) Departmental LANs gone. More centralized management of

the network. NDS is centerpiece of security and authentication.

Mission

Provide computing infrastructure. Empower Users and Departments. Provide guidance in selecting solutions

based on industry standards. Deploy solutions to meet the needs of

institutional computing. Provide user support and training.

Network BackboneDesign andConnectivity

Networking @ Clemson

Core Backbone Distribution Access Dorm Access Off Campus Access Extension Offices Internet Access

Core Backbone

FDDI 100Mbps ring Connecting 8 Fiber Distribution Centers FDDI connected routers

FDDI Core Backbone

Holms

Lowry

Strode

VickeryPoole

Sikes

Brackett

ITC

Distribution

Distribute backbone connections to buildings.

Most buildings have two 10Mbps connections.

Implementing switched 100Mbps connections to buildings.

Labs within buildings are on a dedicated 10Mbps connection.

Distribution Example

10M Ethernet

10M Ethernet

100M Ethernet

100M Ethernet

Strode Core Router

Cooper

Edwards

Jordan

Mauldin

Access

Category 5 cabling within buildings. Switches are used to provide traffic

segmentation. Most buildings have 48 to 78 users per

segment.

Access

In the last year we have been connecting 24 port shared hubs to switched 10M segments for general use.

High bandwidth areas will get switched 10 or 100Mbps connections.

Access Example 1

24 Port HubStackable

24 Port HubStackable

24 Port HubStackable

10Mbps Ethernet

72 Workstations on one segment

Access Example 2

Ethernet 10M24 Port Shared HubEthernet 10M24 Port Shared HubEthernet 10M24 Port Shared HubFast Ethernet 100MSwitchGroup ServerFast Ethernet 100M

Ethernet 10M24 Port Shared HubEthernet 10M24 Port Shared HubEthernet 10M24 Port Shared HubFast Ethernet 100MSwitchGroup ServerFast Ethernet 100MEthernet 10MOR

Ethernet 10M

24 Port Shared Hub

Ethernet 10M24 Port Shared Hub

Ethernet 10M

24 Port Shared Hub

Fast Ethernet 100M

Switch

Group Server

Fast Ethernet 100M

Ethernet 10M

OR

Dorm Access

2500+ dorm rooms have a 10BaseT Ethernet connection per bed.

We use DHCP to assign IP addresses. This Fall there will be a WEB page for

Dorm residents to signup for service. Automation of the port activation.

Off Campus Access

Partnered with MCI for dial up access. Limited PPP connectivity free. Any Internet Service Provider.

CampusMCI

MCI Provides ALL equipment and lines. Adds additional equipment when needed. Direct connection to the Clemson Network. Internet traffic uses MCI’s Internet

connection.

CampusMCI Cost to User

$14.95/month for 70 hours of connect time. $0.95/ hour for additional connect time. The hours 1am - 6am are FREE. 800 service available at an additional

$0.10/minute

Free Dial Up Access

52 lines for Dial Up network access. Support Point to Point Protocol (PPP). Session time limit 30 minutes. Limited to the Clemson domain, no Internet

access.

Any Internet Service Provider

Faculty, Staff and Students can use their choice of Internet Service Providers to access Clemson Network resources.

Extension Offices

All 46 County Extension Offices of South Carolina are connected to the Clemson Network via Bell South Frame Relay service.

Each office has at least 24 ethernet ports.

Internet Access

BBN Planet provides a 3Mbps connection to Clemson from their Austell, Ga T-3 point of presence.

Will be converting to Info Avenue in Fall 1997.

What’s Next?

Add the Calhoun Courts and Lightsey Bridge dorms to the network.

Additional buildings with 100Mbps connections to backbone.

Deploy additional switches with the buildings.

ATM network testing.

Network ResourceAccess

Goals Promote collaborative computing

– Intra-workgroup– Inter-workgroup– Faculty/Student

Individual/Group presence on the network. Central management of computing Distributed management of data Single authentication of distributed systems. Keep heterogeneous systems “homogeneous”

Server Strategy & Management Novell, NT, Unix, and OS/390 servers maintained

by DCIT DCIT provides hardware and Network Operating

System (NOS). DCIT administers backups. DCIT performs user administration. Group maintains data and security with help of a

Tech Support Provider (TSP). Virus Protection and Software Metering

Automatic Userid System (AUS)

AUS

Personnel Admissions

MVS

Unix

NDS

Other

Other

Distribute Resource Management

U se rs C A F LS

C iv i l M e cha n ica l E le c trica l

C E S L ib ra ry

C L E M S O N U

Personal Storage (User Data Servers)

StudentD

EmployeD

Any Faculty or Staff Member

Any Student

Office, Lab, or DialUp

Dorm, Lab, or DialUp

Collaborative Storage - “Group Servers” (Faculty & Staff)

Group Server2

EmployeD

Group Server1

Collaborative Storage - “App Servers” (Students)

StudentD

Applications Server(N)

Collaborative Storage (Faculty and Students)

App ServerEmployeD

Group Server1 StudentD

Printing Strategy

OS/390

Unix

???

PrintGateway

PC PC PCMac

Q

Q

Q

Q

Q

NDS Design for Printing

A

B

P o o le

L ib ra ry

IT C

...

P rin te rs

E m plo yee

A

B

P rin te rs

S tud en ts P rtD ev C A F LS

C iv i l M e cha n ica l

C E S

c le m so nu

Electronic Mail Server: Based on Sun Solaris. No user accounts required on Solaris. Server software developed at Clemson. Multiple recipients / one copy of message. Server based on POP/MIME Internet standard

protocols. IMAP4 coming? Eudora site license purchased by DCIT. Listserver gaining wide spread acceptance and use.

Class/section list automated.

Mail Server

DOSDOS POPcPOPc

mainframemainframe POPcPOPc

WindowsWindows POPcPOPc

MacMac POPcPOPc

UNIXUNIX POPcPOPc

OS/2OS/2 POPcPOPc ?? POPcPOPc

popDpopD ListDListD MailServer

MailServer

Mail Server: Statistics

1995 1996 1997* Category14k 46k 85k Daily Average POP Connections

13k 36k 62k Daily Average Msgs Retrieved from Server

27k 48k 92k Average Msgs Sent using Server per day

*based on partial year statistics through May 26, 1997.

Automated Email Distribution List & NDS Group Membership

MVS OS/390

ListMGRpopDpopD ListDListD Mail

Server

MailServer

TCP/IP

Class RolesDepartments

NDSGroupMGR

NLM

TCP/IP

WEB Serving

Institutional Servers Department or Group Servers Organizational Page Servers Personal Page Servers Administrative and Student Application

Page Servers

NDS web Security via NT/Unix/?

Authentication Server

Too many userid/password combinations for each user to remember.

Need central set of secure servers that all systems use for authentication.

Clemson University Personal ID (CUPID). Based on Automatic Userid System (AUS). Idea born in interdepartmental task force. Production on July 1, 1996.

Authentication Server

MAILMAIL authCauthC

WEBWEB authCauthC

mainframemainframe authCauthC

UnixUnix authCauthC

NetwareNetware authCauthC

SunSun authCauthC

NTNT authCauthCOracleOracle authCauthC

NDS

IntranetWare Server BIntranetWare Server A

AUTHSERV.NLM

IntranetWare Server C

Mainframe(MVS)

VTAM

RACF

AuthClient

Onlines

MAIL(solaris)

AuthClient

POPd

NTServer(4.0)

AuthClient

Website

Application

User Workstation (‘95/Mac/NT Workstation)

Eudora TN3270 Netscape Login.exe

Linux

AuthClient

Apache

Application

AUTHSERV.NLM AUTHSERV.NLM

Authentication Server

NLM is multithreaded. Clients use common code base. Clients have built-in failover capability. Communication based on TCP/IP sockets. >90% successful password checks complete in

less than 0.1 seconds. >2 million requests serviced by primary server

over a 6 week period. 50,000/day

NDS Authentication through NT/Unix/other To the WEB?

Application:Employee InfoSystem (EIS)

Type:WEB

Server OS:Windows NT 4.0

Server Enabling App:Website/Visual Basic

Using NDS Security Across the Intranet

AuthenticatedClient

ServerAuthClient

AuthenticationServer

NDS

Netscape IIS32bitDLL

AUTHSERVNLM

NDS

Page requestCheckEquiv

Check SecurityEquivalence

Locate user objectand run equivalencelist.

NT 4.0

AUTHSERV Client Functions

Password Check Password Change Resolve to Fully Distinguished Name Check Security Equivalence Check 3rd Party Access Rights Return Group Membership Misc Administrative Functions

Caldera OpenLinux and Apache

Caldera OpenLinux

FileServer

FileServer

FileServer

AuthC

Browser

Browser

Browser

Browser

AuthServer

FileServer

FileServer

WEB gateway to Netware File System.

Web Interface to Home Directories via Authserv NDS Gateway

Application:Personal Pages

Type:WEB

Server OS:Linux

Server Enabling App:Apache/Caldera

http://www.clemson.edu/~acollin

Web Interface to Department Pages

Application:Departmental Pages

Type:WEB

Server OS:Linux

Server Enabling App:Apache/Caldera

http://dcitnds.clemson.edu/CSO/depts/maint

Using NDS to Secure Web Pages

NovellAuth onAuthName Novell TreeAuthType Basic <Limit GET POST>require user gmcochrrequire user kellenrequire group .resadmin.groups.employee.clemsonu</Limit>

WebAuth: Web Single Signon

Workstation 3rd PartyWebServer

WebAuthClient

AuthServNLM

NDS

WebAuthNLM

AuthClient

WebBrowser

1

WebBrowser

2

DCITAuthentication

WebServer

WebAuthTrustedClient

CHECK

STORE

Only trusted web servers prompt for userid password and set cookie in browser. Other web servers must use the cookie to determine the user.

Redirect

Goals - Review Promote collaborative computing

– Intra-workgroup– Inter-workgroup– Faculty/Student

Individual/Group presence on the network Central management of computing Distributed management of data Single authentication of distributed systems Keep heterogeneous systems “homogeneous”

DCIT & DepartmentalLab Access

DCIT Public Access Labs

For Everyone (not just Students). Consist of Mac and PC workstations. Every user has virtual “personal PC”. All labs are identical to the user. Each lab has an “application server”. General purpose apps supplied by DCIT. DCIT installs and administers applications for

departments.

Departmental Labs

Marry DCIT’s public lab framework with the specialized needs of a department lab.

Space and workstations provided by the department.

Maintained by the department and SIG. Allow the user access to the “lab” from

anywhere.

Supported Operating Systemsin Public Labs

Windows 3.11 Windows 95 Macintosh (System 7.6)

Windows 3.11 Lab Workstation Key Features “Isitcool” is used to provide application server

failover support. Workstation runs “The Conformist” to ensure

consistency among machines. Custom contextless login is used to avoid context

“problem.” Each user gets a “Virtual PC” which follows them

from computer to computer.

Isitcool - Fail-over Applications Server Attachment

Applications Server(2)

ISITCOOL NLM

Applications Server(n)

ISITCOOL NLM

Applications Server(1)

Work-station

Lab 1

ISITCOOL NLM

WorkstationDisk Image

Applications

Isitcool?

NO!

NO!

YES!

The Conformist

Applications Server(1)

Work-station

Lab 1

ISITCOOL NLM

WorkstationDisk Image

Applications

Written by Clemson to provide a solution to the problem of corrupted workstations.

All application servers contain a image of a “perfect” workstation drive.

The conformist performs comparison of the local drive to this “perfect” image and makes the appropriate changes.

The conformist can also allow for slight variations between workstations.

Contextless login program

The user only has to enter their userid and password and we search for their userid in the three user containers and log the user in if found.

This means the user types “joeuser” and does not have to remember “.joeuser.j.students.clemsonu”

Virtual PC

All user settings are stored in their Novell home directory

This means as you move from PC to PC your settings follow, giving you the feel of your own PC each time you use a lab machine regardless of location.

Windows 95 Lab Workstation Key Features SFLogin is used as contextless login solution.

Isitcool is used for workstation failover. Roaming profiles are supported to provide virtual

PC. Profiles are implemented in a way to reduce network traffic

PCRDist is run to ensure machine consistency.

Macintosh Lab Workstation Key Features “Assimilator” is used to ensure consistency

among machines. Custom contextless login program is used

to eliminate the context “problem”. Eudora Launcher and Netscape Launcher

are used to bring some of the features of the Virtual PC to the Macintosh.

The Assimilator

AppleShare FileServer

Work-station

Lab 1

Macintosh

WorkstationDisk Image

Applications

Appleshare File Servers contain a image of a “perfect” workstation drive.

Assimilator is not currently NDS aware so, images are currently stored on Macintosh Appleshare fileservers.

The Assimilator performs comparison of the local drive to this “perfect” image and makes the appropriate changes.

Macintosh Contextless Login

The Macintosh login provides not only a contextless login solution, but finds and maps the users home directory as well.

User Support& Training

Support Structure

Questions/Problems

Answers/Resources

ClientSupport

SystemsIntegration

LANSystems

NetworkServices

TSPs

HelpDesk

FacultyStaff

Students

Level 1

CollegeConsultant

ComputerResources

EnterpriseSystems

UniversitySystemsSupport

Level 2Level 3

Training

Employee Training Student Training

Employee Training

University Support Systems Customized Training Desktop Applications Office Applications Specialist Certification

Program Technology Support Program

Student Training

In-class training Computer Literacy Program Short courses

Advanced Technology Center (ATC) Focus on University multimedia activities Provides funding for faculty multimedia

projects Maintains multimedia labs for training

faculty and testing software Offers multimedia training classes

Summary

Summary

Clearly defined infrastructure support model

National leader in supporting collaborative computing

Efficient cooperative user support model Weak points in support structure accurately

identified