Windows NT at DESY
• Status report
• new developments for the automation of administrative tasks
• outlook to our preparations
The DESY WindowsNT Group

Summary - Domain Structure
• one domain model
• DESY group structure in the flat NT4 name space
• special naming conventions
• 40 living groups
• group administrators
• TEM is used for user/group administration http://www.mddinc.com
• NetInstall is used for the application support http://netsupport.gmbh.de

Summary - (central) Infrastructure
• 1 PDC
• 2 BDC (Hamburg + Zeuthen)
• 1 Home Directory Server Cluster at Hamburg: 2 nodes plus 70 GByte RAID3/5
  1 Server at Zeuthen: 32 GByte RAID
• 1 Application Server Cluster at Hamburg: 2 nodes plus 35 GByte RAID3/5
  1 Server at Zeuthen: 16 GByte SW RAID
• 1 Mail Server
• 2 Print Server (Hamburg + Zeuthen)
• 1 Utility Server, 1 IIS, 1 Dfs Server
• 2 WINS (Hamburg + Zeuthen)

NEWS
• statistics
  • ~ 800 NT clients (active on the domain during the last 2 months)
  • 1300 registered users
  • nearly 600 daily active users/PCs (connected to central servers)
• NetInstall in production since mid-May
  • 200 Yellow
  • 60 Green
• Mail Server in production
• Application/Script Server

Figure: Workstations online
Figure: Connections during the day
Figure: Users on Home Directory Servers

NetInstall Status
• Production environment: just now with 200 and 60 active workstations
• To get simple access and support for central services the NI environment is necessary.
  basic setup: Perl, Scripting Host, userconfig., home directory setup
• Problems with the green setup: remote support, helpdesk, complicated package setup
• HERA controls and Zeuthen with own NI databases: replicated from the central ASG-DB plus own packages
• Migration to NI5 in Autumn: hierarchical databases, multiple servers, internal replication, ..., still SMS compliant
----> the right time to jump on

NT Mail
• in production since April/May
• IMAP server from UW V11.237
• the MTA is sendmail V8.8.6
• the client is Netscape Communicator V4.05
• problems with the logging scheme of the inbox
  • sendmail is not able to append new mail on an open inbox
  • workaround under test
• a possible migration to PMDF is in discussion (end of the year)

Domain automation - the tasks
• Tasks for group administrators
  • most of them handled with the TEM
  • user account maintenance (password reset, management of parts of the user environment like mail forwarding, user registry updates, …)
  • group management
• more global tasks
  • creating new user accounts (embedded in the common DESY user registry)
  • creating new global user groups
  • moving users (homedirs) between servers and/or groups
  • moving group file systems/shares between servers
  • Dfs maintenance
  • print server maintenance

Domain automation - the problems
• Most of the scripts and programs must run under a domain administrator account.
• The responsible persons to do the jobs are normal users without special privileges, perhaps group admins.
• Security has to be guaranteed over the whole process
  • authentication
  • user rights - who is allowed to do what
• Integrity of the systems has to be guaranteed
  • job/task control (to execute it at the right place and time)
  • checks for parameters

Domain automation - approach
• Core of the solution will be the MS Transaction Server
• The access should be as flexible as possible
  • normally from a web browser over the IIS
  • direct by special applications
  • independent from programming and script languages
• simple and central management/maintenance
  • central management of the jobs/tasks - one configuration file
  • access control by the help of the transaction server

Domain automation - scheme
Diagram labels: Client indirect - via SSL; IIS; ASP; Transaction Server; .DLL; Roles; DomainAuto.cfg (configuration file); Script / Program Execution; Client direct

IIS & Transaction Server
• Why accessing the IIS via SSL?
  • Necessary to ensure secure access and authentication over the LAN/internet - “password” security level is required
  • Certificate Authority - self made, planned to become sub CA from DFN (CERT)
• DCOM interface is used to access the transaction server
  • Authentication is done automatically (NTLM-A.)
  • Packet privacy is used
• Object and functions are defined by the DLL added to the transaction server

    ' Create the component registered in the transaction server, then ask it to run a configured script
    Set scriptObj = CreateObject("DomainAuto.DomainAuto.1")
    ' No parentheses: VBScript rejects them on a multi-argument call used as a statement
    scriptObj.InvokeScript "scriptname", "param1 param2"

Inside the MTS
%WINDIR%\system32\DomainAuto.cfg

    #comment
    #format: (separator = tab)
    #ScriptName	Script	Role	Flag0/1
    DeleteComputer	C:\scripts\dc.bat	RoleDC	1
    #
    DeleteUser	C:\scripts\du.bat	Admins	0

Roles
    RoleDC:GroupAdmusg_
    Admins:DomainAdmins
Scripts
    C:\scripts\dc.bat
    C:\scripts\du.bat

    ' The caller names a configured job, never a script path
    Set obj = CreateObject("DomainAuto.DomainAuto.1")
    . . .
    obj.InvokeScript "DeleteUser", "name .."

NT5 preparations
• first steps
  • setup of a test domain
  • planning of requirements
  • task list
• Usage of Technology already available
  • IIS
  • Transaction Server

The DESY WindowsNT Group
• Henner Bartels, Henner.Bartels@desy.de (not fulltime)
• Volker Heynen, Volker.Heynen@desy.de
• Ernst-Axel Knabbe, Ernst-Axel.Knabbe@desy.de
• Wolfgang Krechlok, Wolfgang.Krechlok@desy.de
• Klaus-Dieter Perger, Klaus-Dieter.Perger@desy.de (not fulltime)
• Rolf Rettinger, retti@mail.desy.de
• Helga Schwendicke, helgas@ifh.de
• Cristian Trachimow, Christian.Trachimow@desy.de
• Gunter Trowitzsch, gut@ifh.de