Enterprise Mac Test Plan
1. Introduction
The purpose of this effort is to evaluate each of the pre-selected options for integrating Mac
desktops into the greater campus directory and authentication infrastructure.
2. Requirements
These are the functional requirements developed by canvassing the campus Mac user community to
determine the minimum set of functionality required to give end users the most positive
experience while keeping the management process as maintainable as possible.
2.1. Central Account Management
The ability to access a central repository of user accounts instead of maintaining accounts
locally on each Mac.
2.2. Kerberos Single Sign-on (SSO)
The ability to authenticate one time during console login and have full access to
Kerberos/network services system-wide.
2.3. Mobile Accounts
The ability of the system to cache user account information for use when the system is off the
network and/or no longer in touch with campus infrastructure resources.
2.4. Access Controls
The ability to control system access locally at the console and remotely via network protocols.
2.5. Group Policies
The ability to apply policies and/or customizations to all Mac users or a subset of users.
3. Evaluation Criteria
3.1. Cost
The cost associated with implementing the option. This includes one-time costs,
hardware/software lifecycle costs and ongoing staff resources.
3.2. Future-proofing
How resilient is the option to future changes by one or more vendors?
3.3. Security
3.3.1. Operating System Security
Control and secure the underlying operating system that hosts the infrastructure
services.
3.3.2. Data Security
Control access to the account and directory database.
3.3.3. Authorization Security
Control access to the authorization database.
3.3.4. Physical Security
Control physical access to the server hardware.
3.4. Client Support
for Jason to fill in…
3.5. Scalability
How well does the option scale relative to number of total users and concurrent users?
3.6. Maintainability
What is the level of effort required to maintain the option?
3.7. Integration
How well does the option integrate with the rest of the campus infrastructure?
4. Test Configuration(s)
4.1. Option 1: Native Apple Open Directory
4.1.1. Hardware
Xserve
4.1.2. Software
OSX Server ver. 10.5.5
4.1.3. Connections
None
4.1.4. Modifications
None
4.2. Option 2b: Augmented Open Directory (magic triangle) with MIT K5 Authorization
4.2.1. Hardware
Xserve
4.2.2. Software
OSX Server ver. 10.5.5
4.2.3. Connections
None
4.2.4. Modifications
None
4.3. Option 3a: Active Directory Modified with Mac-specific Schema Attributes
4.3.1. Hardware
Xserve
4.3.2. Software
OSX Server ver. 10.5.5
4.3.3. Connections
None
4.3.4. Modifications
None
4.4. Option 4: OpenLDAP Modified with Mac-specific Schema Attributes
4.4.1. Hardware
Xserve
4.4.2. Software
OSX Server ver. 10.5.5
4.4.3. Connections
None
4.4.4. Modifications
None
5. Test Procedures
5.1. Option 1: Native Apple Open Directory
5.1.1. Configure the server as an Open Directory Master.
5.1.2. Configure a client Mac to bind to this Open Directory Master.
5.1.3. Log on to the client using a network account. (Rqmt 2.1)
5.1.4. Open OSX WGM and create a group containing test user.
5.1.5. Create a group directory on the server and set access for Kerberos only.
5.1.6. From the client, access the group folder ensuring no additional authentication is
required. (Rqmt 2.2)
5.1.7. From the client, logout and remove network connectivity (unplug the client from the wall
jack).
5.1.8. At the client, log in using the network account. (Rqmt 2.3)
5.1.9. Open OSX WGM and remove local login except for the test account and the local admin
account.
5.1.10. Attempt to log in using a network account that is NOT the test user granted access. (Rqmt 2.4)
5.1.11. Log in with the authorized account to ensure access is correctly set. (Rqmt 2.4)
5.1.12. Open OSX WGM and apply customization to the test account. Modify the user’s dock and
limit the times at which the user is allowed to log in.
5.1.13. At the client, login with the test account and validate the policies have been applied
correctly. (Rqmt 2.5)
5.1.14. Open Address Book and search for _______. Verify access to Stanford-only attributes.
Verify no access for private attributes.
5.1.15. Login infrastructure binding.
5.1.16. Registry Groups. SUPrivGrp.
5.1.17. Account deactivation.
5.1.18. Password change propagation.
5.2. Option 2b: Augmented Open Directory (magic triangle) with MIT K5 Authorization
5.2.1. Bind the Mac server to OpenLDAP using the Directory Utility.
5.2.2. Configure the Mac server as an Open Directory Master.
5.2.3. Bind a client Mac to OpenLDAP using the Directory Utility.
5.2.4. Configure a client Mac to bind to the Open Directory Master.
5.2.5. Log on to the client using the network account. (Rqmt 2.1)
5.2.6. Open OSX Workgroup Manager and create a group containing the test user.
5.2.7. Create a group directory on the server and set access for Kerberos only.
5.2.8. From the client, access the group folder ensuring no additional authentication is
required. (Rqmt 2.2)
5.2.9. From the client, logout and remove network connectivity (unplug the client from the wall
jack and turn off wireless).
5.2.10. At the client, log in using the network account. (Rqmt 2.3)
5.2.11. Open OSX WGM and remove local login except for the test account and the local admin
account.
5.2.12. Attempt to log in using a network account that is NOT the test user granted access. (Rqmt 2.4)
5.2.13. Log in with the authorized account to ensure access remains correctly set. (Rqmt 2.4)
5.2.14. Open OSX WGM and apply customization to the test account. Modify the user’s dock and
limit the times at which the user is allowed to log in.
5.2.15. At the client, login with the test account and validate the policies have been applied
correctly. (Rqmt 2.5)
5.2.16. Open Address Book and search for _______. Verify access to Stanford-only attributes.
Verify no access for private attributes.
5.2.17. Login infrastructure binding.
5.2.18. Registry Groups. SUPrivGrp.
5.2.19. Account deactivation.
5.2.20. Password change propagation.
5.3. Option 3a: Active Directory Modified with Mac-specific Schema Attributes
5.3.1. Configure a client Mac to bind to Active Directory.
5.3.2. Log on to the client using a network account. (Rqmt 2.1)
5.3.3. Open OSX WGM and create a group containing test user.
5.3.4. Create a group directory on the server and set access for Kerberos only.
5.3.5. From the client, access the group folder ensuring no additional authentication is
required. (Rqmt 2.2)
5.3.6. From the client, logout and remove network connectivity (unplug the client from the wall
jack).
5.3.7. At the client, log in using the network account. (Rqmt 2.3)
5.3.8. Open OSX WGM and remove local login except for the test account and the local admin
account.
5.3.9. Attempt to log in using a network account that is NOT the test user granted access. (Rqmt 2.4)
5.3.10. Log in with the authorized account to ensure access is correctly set. (Rqmt 2.4)
5.3.11. Open OSX WGM and apply customization to the test account. Modify the user’s dock and
limit the times at which the user is allowed to log in.
5.3.12. At the client, login with the test account and validate the policies have been applied
correctly. (Rqmt 2.5)
5.3.13. Open Address Book and search for _______. Verify access to Stanford-only attributes.
Verify no access for private attributes.
5.3.14. Login infrastructure binding.
5.3.15. Registry Groups. SUPrivGrp.
5.3.16. Account deactivation.
5.3.17. Password change propagation.
5.4. Option 4: OpenLDAP Modified with Mac-specific Schema Attributes
5.4.1. Configure a client Mac to bind to the OpenLDAP server.
5.4.2. Log on to the client using a network account. (Rqmt 2.1)
5.4.3. Open OSX WGM and create a group containing test user.
5.4.4. Create a group directory on the server and set access for Kerberos only.
5.4.5. From the client, access the group folder ensuring no additional authentication is
required. (Rqmt 2.2)
5.4.6. From the client, logout and remove network connectivity (unplug the client from the wall
jack).
5.4.7. At the client, log in using the network account. (Rqmt 2.3)
5.4.8. Open OSX WGM and remove local login except for the test account and the local admin
account.
5.4.9. Attempt to log in using a network account that is NOT the test user granted access. (Rqmt 2.4)
5.4.10. Log in with the authorized account to ensure access is correctly set. (Rqmt 2.4)
5.4.11. Open OSX WGM and apply customization to the test account. Modify the user’s dock and
limit the times at which the user is allowed to log in.
5.4.12. At the client, login with the test account and validate the policies have been applied
correctly. (Rqmt 2.5)
5.4.13. Open Address Book and search for _______. Verify access to Stanford-only attributes.
Verify no access for private attributes.
5.4.14. Login infrastructure binding.
5.4.15. Registry Groups. SUPrivGrp.
5.4.16. Account deactivation.
5.4.17. Password change propagation.
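The client-side observations tied to requirements 2.2, 2.3 and 2.4 are the same in procedures 5.1 through 5.4, whichever directory backend is under test. The following shell script is an added example, not part of this test plan, that records those observations from the command line on the bound client so that each run of the procedure produces a comparable PASS/FAIL record. The realm EXAMPLE.EDU, the account name testuser and the sample command outputs are constructed for illustration; the use of the local group com.apple.access_loginwindow as the loginwindow service ACL is assumed from 10.5 behaviour and is not stated in the plan.

```shell
#!/bin/sh
# Added example (not part of the test plan): client-side checks for the common
# steps of procedures 5.1-5.4. Each check_* function parses the output of one
# macOS command on stdin and returns 0 (pass) or 1 (fail), so it can be run
# against live output on the client (--live) or against the constructed samples
# below. REALM and TEST_USER are assumed values, not taken from the plan.

REALM="EXAMPLE.EDU"   # assumed campus Kerberos realm
TEST_USER="testuser"  # assumed test account

# Rqmt 2.2: console login must leave the user holding a TGT for the campus
# realm without a separate kinit. Reads `klist` output (MIT format on 10.5).
check_tgt() {
    realm="$1"
    out=$(cat)
    printf '%s\n' "$out" | grep -q "^Default principal: [^@ ]*@${realm}\$" || return 1
    printf '%s\n' "$out" | grep -q "krbtgt/${realm}@${realm}" || return 1
}

# Rqmt 2.3: the network account must have been turned into a mobile account,
# which Directory Services records as a ;LocalCachedUser; authority.
# Reads `dscl . -read /Users/<user> AuthenticationAuthority` output.
check_mobile() {
    grep -q ';LocalCachedUser;'
}

# Rqmt 2.4: once console login is restricted, the test account must be listed
# in the loginwindow service ACL group (assumed: com.apple.access_loginwindow).
# Reads `dscl . -read /Groups/com.apple.access_loginwindow GroupMembership`
# output; direct membership only, nested groups are not expanded here.
check_login_allowed() {
    user="$1"
    sed -n 's/^GroupMembership: *//p' | tr ' ' '\n' | grep -qx "$user"
}

# Constructed sample outputs, shaped like the real commands' output.
SAMPLE_KLIST="Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: testuser@EXAMPLE.EDU

Valid Starting     Expires            Service Principal
11/01/08 09:12:03  11/01/08 19:12:03  krbtgt/EXAMPLE.EDU@EXAMPLE.EDU"
SAMPLE_NO_TGT="klist: No credentials cache found"
SAMPLE_MOBILE="AuthenticationAuthority: ;LocalCachedUser;/LDAPv3/od.example.edu:testuser:00000000-0000-0000-0000-000000000000 ;Kerberosv5;;testuser@EXAMPLE.EDU;EXAMPLE.EDU;"
SAMPLE_NOT_MOBILE="AuthenticationAuthority: ;Kerberosv5;;testuser@EXAMPLE.EDU;EXAMPLE.EDU;"
SAMPLE_ACL="GroupMembership: admin testuser"

# Run on the bound client after a console login as TEST_USER; prints one
# PASS/FAIL line per requirement so the result can be pasted into the record.
run_live() {
    klist 2>&1 | check_tgt "$REALM" \
        && echo "PASS 2.2 TGT for $REALM present" || echo "FAIL 2.2 no TGT for $REALM"
    dscl . -read "/Users/$TEST_USER" AuthenticationAuthority 2>/dev/null | check_mobile \
        && echo "PASS 2.3 $TEST_USER is a mobile account" || echo "FAIL 2.3 $TEST_USER not cached locally"
    dscl . -read /Groups/com.apple.access_loginwindow GroupMembership 2>/dev/null | check_login_allowed "$TEST_USER" \
        && echo "PASS 2.4 $TEST_USER listed in loginwindow ACL" || echo "FAIL 2.4 $TEST_USER not in loginwindow ACL"
}

if [ "${1:-}" = "--live" ]; then
    run_live
fi
```

Run the script with `--live` on the client immediately after the console login in the step marked (Rqmt 2.3), and again after the access-control change in the (Rqmt 2.4) steps; without `--live` it only defines the checks and the samples. The TGT check confirms that opening the Kerberos-only group folder will not prompt for credentials, but the folder access itself is still performed by hand as the procedure describes.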
Schedule
TBD
Resources
TBD
Evaluation Matrix
TBD
Summary
TBD