Institutional Data Flows at MIT

Paul B. Hill
CSG, May 1999
Major Databases to Cover
• Moira
• MITID
• NIC
• Roles Database
• Data Warehouse
• MITDIR
Where we were
Where we are
Where we want to be
Moira
• Central repository of data for the Athena environment
• Home grown solution, now with an Oracle back end
• Unlike a warehouse, it’s more like a “write-only” database
• 10 years after writing it we discovered it was a meta-directory
Moira
• MIT ID to Kerberos principal names
• mail lists
• group memberships
• IP address to hostname mapping
• printer info
• cluster info
• ACLs
Moira feeds data to:
• Warehouse
• DNS servers
• Hesiod servers
• KDC (new principal names)
• Mail hubs
• print servers
• Boot servers
• MITDIR
• NIC database
• NT ADS (future)
• KNFS servers
• PTS (AFS)
Moira gets data from:
• Registrar
– manual processing of tape
• In the future the data from the Registrar will be obtained from the Warehouse. Visibility / Suppression issues need to be dealt with.
• Warehouse
– data originally from Personnel
• User accounts
– voucher, guests, special students
– small ongoing updates done via Moira clients
More Moira info
• http://mit.edu/moira/
• Current Moira schema: http://web/moiradev/src/db/schema.sql
Moira clients
• blanche: batch list maintenance tool
• chfn: change finger information
• chpobox: change pobox location
• chsh: change login shell
• dcmmaint: alternate name for moira, starts in dcm menu
• listmaint: alternate name for moira, starts in list menu
• mailmaint: allows naive users to add/delete themselves on mailing lists
• moira: primary Moira client with menus for all services
• usermaint: alternate name for moira, starts in user menu
Moira comments
• Client applications allow users or system administrators to perform interactive updates.
• Some changes are immediate. Many take overnight to propagate.
• Used by other systems to maintain a unified name space, e.g. checked before creating a mainframe account.
MITID
• The MIT ID Database provides authorized lookup and assignment of MIT IDs
• Supposed to be immutable
• Still being used inconsistently
• http://web.mit.edu/mitid/www/
MIT ID
• Consumers
– Accounts
– Personnel
– Graduate Student Admissions
– P.E. Lottery
– Warehouse
• Suppliers
– Moira
– Accounts
– Personnel
– Graduate Student Admissions
– P.E. Lottery (spouses)
MIT ID comments
• Currently it’s not unique enough
– 100s of people with ID of nine 9s.
– Warehouse uses Kerberos principal as the primary key. Not all principals are users. Some users have multiple principals.
– NIC uses the Moira row number.
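The key problems listed above can be checked mechanically before two feeds are joined on MIT ID or on principal. This is an added example, not code from the original slides or from any MIT system; the row layout, field names and sample values are constructed, and treating any single repeated digit as a placeholder is an assumption that generalizes the nine-9s case.

```python
from collections import defaultdict

# Constructed sample feed rows: (mit_id, kerberos_principal, is_person).
# Field names and values are hypothetical, not taken from any MIT schema.
FEED = [
    ("912345678", "alice", True),
    ("912345678", "alice/root", True),  # one user, two principals
    ("923456789", "bob", True),
    ("999999999", "guest1", True),      # placeholder ID of nine 9s
    ("999999999", "guest2", True),
    ("", "daemon/printhost", False),    # principal that is not a user
]

def is_placeholder(mit_id):
    """Assumption: an ID made of one repeated digit is a placeholder."""
    return len(mit_id) == 9 and mit_id.isdigit() and len(set(mit_id)) == 1

def audit(feed):
    """Group principals by ID and report each way the keys fail to be unique."""
    by_id = defaultdict(list)
    report = {"placeholder_ids": {}, "multi_principal": {},
              "non_user_principals": []}
    for mit_id, principal, is_person in feed:
        if not is_person:
            report["non_user_principals"].append(principal)
        else:
            by_id[mit_id].append(principal)
    for mit_id, principals in by_id.items():
        if is_placeholder(mit_id):
            report["placeholder_ids"][mit_id] = sorted(principals)
        elif len(principals) > 1:
            report["multi_principal"][mit_id] = sorted(principals)
    return report

def safe_join_ids(feed):
    """IDs that map to exactly one user principal and are not placeholders."""
    report = audit(feed)
    flagged = set(report["placeholder_ids"]) | set(report["multi_principal"])
    person_ids = {mit_id for mit_id, _, is_person in feed if is_person}
    return sorted(person_ids - flagged)

if __name__ == "__main__":
    print(audit(FEED))
    print("IDs safe as a one-to-one join key:", safe_join_ids(FEED))
```

Only IDs returned by `safe_join_ids` can stand in for a person in both an ID-keyed and a principal-keyed system; every other row needs manual reconciliation before access decisions are derived from the join.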
NIC
• Used for
– X.509 certificate management
– Tether account registration
– DHCP registration
• Future:
– will be used to update MITDIR
– eventual management of DNS instead of Moira
More NIC
• Feeds
– Moira
– Warehouse
• Will feed:
– Warehouse
– SAP billing
MIT Warehouse
• The Data Warehouse provides the MIT community with integrated data from various administrative systems (subject areas), and stores the data in one location.
• The Warehouse is a “read-only” database, guaranteeing stability over time.
MIT Warehouse
• Balance Sheet Balances
• Balances
• Balances by Fiscal Period
• Commitment History
• Credit Card
• Current Commitments
• Financial Detail
• Graduate Awards
• Overhead Rates
• Personnel
• Purchasing Detail
• Space
Detailed info on the warehouse
• http://web.mit.edu/warehouse/
The Roles Database
• The Roles Database provides a consistent way to store and maintain access rules for other applications, such as SAP.
• Authorizations are stored in the Roles system's central database; you use the front-end application to display, create, or modify them.
Roles Continued
• The Roles Database does not enforce the access rules that it maintains.
– It only collects the information and distributes it to the appropriate applications, usually as a nightly data feed.
– Applications with an interface to the Roles Database interpret the access rules from the Roles Database and enforce them.
Details on the web
• http://web.mit.edu/rolesdb/www/
MITDIR
• MIT white pages and grey pages
– White page access via finger, whois, CSO, web form
– Grey pages access via web form
• politics
– data suppression issues
– query limiting issues
– changing information
Notably Missing
• LDAP
– will probably use Microsoft ADS
– If a need develops, will find something more robust
– Global Catalog issues?
• NDS
– little demand, trying to phase out central support
ADS
• No experience yet
• Will be a subsidiary database
• Major focus over next year
– data propagation and synchronization
– impact on MIT KDC
More ADS
• Latest MS Logo requirements still skirt the issues
• Large number of default attributes and classes
– What do we need to use?
– Will we need to add attributes?