Presentation is loading. Please wait.

Presentation is loading. Please wait.

PASS Migration – Update V A Retrospective Current Issues Future Directions with Jeff D’Angelo NWOP 2008/08/18.

Published byTiffany Martha Palmer Modified over 8 years ago

Similar presentations

Presentation on theme: "PASS Migration – Update V A Retrospective Current Issues Future Directions with Jeff D’Angelo NWOP 2008/08/18."— Presentation transcript:

1 PASS Migration – Update V A Retrospective Current Issues Future Directions with Jeff D’Angelo NWOP 2008/08/18

2 PASS Migration – A Retrospective  Need arose: Replace DCE/DFS with Kerberos/LDAP/GPFS  Replacement authentication & directory services ran in parallel for years  PASS Beta launched December 2007  Early migration to new PASS June 2008  Final migration July 3-4 2008

3 PASS Migration – A Retrospective What went well:  Completed data migration on time  Most critical functionality preserved  Internal and external communication processes improved Not so well:  3 rd party software incompatibilities

4 PASS Migration – A Retrospective Major Changes:  CIFS/NFS require kerberos  Quota behavior  Permissions (ACLs) NFSv4 based  UNIX system changes  php.scripts.psu.edu major changes  SSH host key changes (sftp / UNIX)  Path changes (e.g. /pass)  MIT KDCs: Longer Kerberos ticket lifetimes  LDAP schema / attribute usage for PASS http://www.personal.psu.edu/jcd/blogs/NextPass/ 2008/07/pass-migration-complete.html

5 PASS Migration – Current Issues Documentation still in development, e.g.:  Mounting NFS Gateway from Mac  Known issues KB articles

6 PASS Migration – Current Issues PASS Gateway server issues  32 group limit for CIFS

7 PASS Migration – Current Issues PASS Gateway client issues  Windows AD domain w/ dce.psu.edu trust  Works automatically  Windows (w/o AD) requires for Kerberos:  Must specify user  User must include domain

8 PASS Migration – Current Issues PASS Gateway client issues  Mac OS X  Ticket problem while authenticated to AD  Leopard’s Finder misinterprets CIFS ACLs  Kerberos requirement precludes Tiger NFS  NFSv3 requires multiple mounts

9 PASS Migration – Current Issues PASS Gateway client issues  Linux  mount.cifs has no kerberos support yet  NFSv4 performance less than peers  Ticket renewal (beyond 14 days)  “nfs” service principal required for NFS client

10 PASS Migration – Current Issues PASS Gateway client issues  Solaris NFSv4  ls / stat() issue  AIX NFS  Executable error “Cannot open or remove a file containing a running program”

11 PASS Migration – Current Issues Secure Shell / Secure File Transfer  Host key changes  sftp.pass.psu.edu, sftp.personal.psul.edu  rs6klab.aset.psu.edu  Fugu may hang kb.its.psu.edu/psu-all/hd/fuguhangs kb.its.psu.edu/psu-all/hd/fuguhangs

12 PASS Migration – Current Issues Web services  www.courses.psu.edu www.courses.psu.edu  now uses SSL for all content, WebAccess for protected content  PHP content no longer automatic  Apache 2: Server Side Includes (SSI)  Old MIME type activation no longer supported despite docs  PHP users may need to update/remove default.htaccess

13 PASS Migration – FIXED Issues FIXED Issues:  PASS Explorer Browse-To list auto groups  CIFS READ-ONLY attribute falsely set  PHP SQLite2 driver missing  Cbs UNIX cluster back after hiatus

14 PASS Migration – New Directions Where are we now?  Beta / Early migration systems down: today  Fixing / Documenting known issues  Web permissions tools further development  Add new features to File Permissions Manager  Create Web Services based command line tool  Mac mount PASS tool update for NFS

15 PASS Migration – New Directions Where are we going?  GPFS data redundancy  New quota limit – mid semester  DCE/DFS shut down December 2008  Enhanced quota system – expected summer 2009  Permissions tools integration (web/file)  Kerberized sftp/ssh login  Self-serve kerberos keytabs  UMG updates

16 PASS Migration Timeline DateMilestoneHow this is definedEstimated ImpactCompleted March 17, 2008 Open Beta period begins Enrollment for the testing environment is announced for all of Penn State. All the current functionality in PASS space is available to the testers. YES May 30, 2008 Begin Internal ITS Migration All Production services are operational. The Pre- tag will remain until the Final Cutover. All ITS Units under /dept/its space YES May 30-June 30, 2008 Open Penn State Early Migration We will offer the option to perform a timely migration in advance before the final move on July 4th. Announcement to ITS staff targeted for mid- May. YES July 3, 5 p.m. Through July 7, 7 a.m. Complete Data Migration, PASS goes read-only for the 3 day weekend DFS is locked into a read- only state. All systems and data remaining in DFS are moved into GPFS. No turning back. All our dependent systems YES December 2008 Decommission DCE/DFS Shut off existing systems. Repurpose Hardware. Plan for next hardware/power issues. Hopefully NoneNo

17 PASS Migration Resources: Kerberos Authentication For Kerberos auth to the Penn State Kerberos realm (dce.psu.edu) for either Mac, Windows or Linux clients. Mac OS X:CLC has documented setting up Kerberos auth on OSX http://clc.its.psu.edu/Labs/Mac/Resources/authdoc/default.aspx http://clc.its.psu.edu/Labs/Mac/help/privatefilespace/macpass.aspx LINUX: For discussion of Kerberos auth and SSO see: https://wikispaces.psu.edu/display/access/Kerberos WINDOWS:For discussion of Kerberos auth and SSO see: https://wikispaces.psu.edu/display/access/Kerberos+on+Windows Note: The registry key that must be installed on the windows clients is called "psuksetup.reg" and is available here: http://aset.its.psu.edu/docs/windows/active_directory/kdcrecords.html

18 PASS Migration Resources: Online Learning Materials Publishing: The Infrastructure at Penn State http://portfolio.psu.edu/files/eportfolio/PASS_blogs_viewlet_swf.html The Files in Your PASS Space: A Guided Tour http://portfolio.psu.edu/files/eportfolio/PASS_tour_viewlet_swf.html Publishing in your Penn State Web Space http://portfolio.psu.edu/files/eportfolio/Publishing_in_PASS.pdf

19 PASS Migration Resources: Online Documentation 1. The MIT Kerberos tools for various OS http://web.mit.edu/Kerberos/dist/index.html 2. New Public Online Documentation for PASS http://its.psu.edu/PASS/ http://its.psu.edu/PASS/ 3. Wikispaces – for Penn State affiliated Faculty and Staff http://wikispaces.psu.edu/display/PASS http://wikispaces.psu.edu/display/PASS 4. Next PASS Blog by Jeff D’Angelo http://www.personal.psu.edu/jcd/blogs/NextPass/ http://www.personal.psu.edu/jcd/blogs/NextPass/

20 Active Directory Update ACCESS.PSU.EDU forest  Exchange 2007 support introduced

21 Search Engine Update Upgrade expected Fall 2008  New hardware  Out: 1 x GB-5005  In: 2 x GB-1001  New software  GSA 4.x -> 5.x

Download ppt "PASS Migration – Update V A Retrospective Current Issues Future Directions with Jeff D’Angelo NWOP 2008/08/18."

Similar presentations

automated single login access to Novell storage resources

automated single login access to Novell storage resources
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
NGAS – The Next Generation Archive System Jens Knudstrup NGAS The Next Generation Archive System.

NGAS – The Next Generation Archive System Jens Knudstrup NGAS The Next Generation Archive System.
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 14 Upgrading to Exchange Server 2003.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 14 Upgrading to Exchange Server 2003.
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Caroline Cappuccio Katherine Ananis Spring 2010. Part 1: About Xythos  What is Xythos?  Who can use Xythos at UMB?  Why use Xythos?  How do you access.

Caroline Cappuccio Katherine Ananis Spring Part 1: About Xythos  What is Xythos?  Who can use Xythos at UMB?  Why use Xythos?  How do you access.
NHSmail: Technology Refresh 26 th February 2008 Mike Dolan NHSmail Migration Manager.

NHSmail: Technology Refresh 26 th February 2008 Mike Dolan NHSmail Migration Manager.
Jaap Wesselius May 27, 2009 Exchange Server 2010 what’s new?

Jaap Wesselius May 27, 2009 Exchange Server 2010 what’s new?
Bear Access Fall 2006 Dan Bartholomew Lee Brink April 19, 2006.

Bear Access Fall 2006 Dan Bartholomew Lee Brink April 19, 2006.
PaperCut NG Chris Dance. Copyright © 2006 - PaperCut Software Pty. Ltd. 2 Overview Overview of PaperCut NG Why we offer a Mac Version The story of our.

PaperCut NG Chris Dance. Copyright © PaperCut Software Pty. Ltd. 2 Overview Overview of PaperCut NG Why we offer a Mac Version The story of our.
SubVersioN – the new Central Service at DESY by Marian Gawron.

SubVersioN – the new Central Service at DESY by Marian Gawron.
Penn State University College Of Education Understanding College of Education Resources.

Penn State University College Of Education Understanding College of Education Resources.
Chapter 7 Configuring & Managing Distributed File System

Chapter 7 Configuring & Managing Distributed File System
Windows 2000 and Active Directory Services at UQ Scott Sinclair Senior Systems Programmer Software Infrastructure Group

Windows 2000 and Active Directory Services at UQ Scott Sinclair Senior Systems Programmer Software Infrastructure Group
Brian Arkills Software Engineer, LDAP geek, AD bum, Senior Heckler, and Associate Troublemaking Officer State of Windows Services at the UW.

Brian Arkills Software Engineer, LDAP geek, AD bum, Senior Heckler, and Associate Troublemaking Officer State of Windows Services at the UW.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
TAM STE Series 2008 © 2008 IBM Corporation WebSEAL SSO, Session 108/2008 TAM STE Series 2008 - WebSEAL SSO, Session 1 Presented by: Andrew Quap.

TAM STE Series 2008 © 2008 IBM Corporation WebSEAL SSO, Session 108/2008 TAM STE Series WebSEAL SSO, Session 1 Presented by: Andrew Quap.
Chapter 11: Creating and Managing Shared Folders BAI617.

Chapter 11: Creating and Managing Shared Folders BAI617.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Similar presentations

Ads by Google