Institutional Data Flows at MIT
Paul B. Hill
CSG, May 1999

Major Databases to Cover
• Moira
• MITID
• NIC
• Roles Database
• Data Warehouse
• MITDIR

Where we were
Where we are
Where we want to be

Moira
• Central repository of data for the Athena environment
• Home grown solution, now with an Oracle back end
• Unlike a warehouse, it’s more like a “write-only” database
• 10 years after writing it we discovered it was a meta-directory

Moira
• MIT ID to Kerberos principal names
• mail lists
• group memberships
• IP address to hostname mapping
• printer info
• cluster info
• ACLs

Moira feeds data to:
• Warehouse
• DNS servers
• Hesiod servers
• KDC (new principal names)
• Mail hubs
• print servers
• Boot servers
• MITDIR
• NIC database
• NT ADS (future)
• KNFS servers
• PTS (AFS)

Moira gets data from:
• Registrar
  – manual processing of tape
• In the future the data from the Registrar will be obtained from the Warehouse. Visibility / Suppression issues need to be dealt with.
• Warehouse
  – data originally from Personnel
• User accounts
  – voucher, guests, special students
  – small ongoing updates done via Moira clients

More Moira info
• http://mit.edu/moira/
• Current Moira schema: http://web/moiradev/src/db/schema.sql

Moira clients
• blanche     batch list maintenance tool
• chfn        change finger information
• chpobox     change pobox location
• chsh        change login shell
• dcmmaint    alternate name for moira, starts in dcm menu
• listmaint   alternate name for moira, starts in list menu
• mailmaint   allows naive users to add/delete themselves on mailing lists
• moira       primary Moira client with menus for all services
• usermaint   alternate name for moira, starts in user menu

Moira comments
• Client applications allow users or system administrators to perform interactive updates.
• Some changes are immediate. Many take overnight to propagate.
• Used by other systems to maintain a unified name space, e.g. checked before creating a mainframe account.

MITID
• The MIT ID Database provides authorized lookup and assignment of MIT IDs
• Supposed to be immutable
• Still being used inconsistently
• http://web.mit.edu/mitid/www/

MIT ID
• Consumers
  – Accounts
  – Personnel
  – Graduate Student Admissions
  – P.E. Lottery
  – Warehouse
• Suppliers
  – Moira
  – Accounts
  – Personnel
  – Graduate Student Admissions
  – P.E. Lottery (spouses)

MIT ID comments
• Currently it’s not unique enough
  – 100s of people with ID of nine 9s.
  – Warehouse uses Kerberos principal as the primary key. Not all principals are users. Some users have multiple principals.
  – NIC uses the Moira row number.

NIC
• Used for
  – X.509 certificate management
  – Tether account registration
  – DHCP registration
• Future:
  – will be used to update MITDIR
  – eventual management of DNS instead of Moira

More NIC
• Feeds
  – Moira
  – Warehouse
• Will feed:
  – Warehouse
  – SAP billing

MIT Warehouse
• The Data Warehouse provides the MIT community with integrated data from various administrative systems (subject areas), and stores the data in one location.
• The Warehouse is a “read-only” database, guaranteeing stability over time.

MIT Warehouse
• Balance Sheet Balances
• Balances
• Balances by Fiscal Period
• Commitment History
• Credit Card
• Current Commitments
• Financial Detail
• Graduate Awards
• Overhead Rates
• Personnel
• Purchasing Detail
• Space

Detailed info on the warehouse
• http://web.mit.edu/warehouse/

The Roles Database
• The Roles Database provides a consistent way to store and maintain access rules for other applications, such as SAP.
• Authorizations are stored in the Roles system's central database; you use the frontend application to display, create, or modify them.

Roles Continued
• The Roles Database does not enforce the access rules that it maintains.
  – It only collects the information and distributes it to the appropriate applications, usually as a nightly data feed.
  – Applications with an interface to the Roles Database interpret the access rules from the Roles Database and enforce them.

Details on the web
• http://web.mit.edu/rolesdb/www/

MITDIR
• MIT white pages and grey pages
  – White page access via finger, whois, CSO, web form
  – Grey pages access via web form
• politics
  – data suppression issues
  – query limiting issues
  – changing information

Notably Missing
• LDAP
  – will probably use Microsoft ADS
  – If a need develops, will find something more robust
  – Global Catalog issues?
• NDS
  – little demand, trying to phase out central support

ADS
• No experience yet
• Will be a subsidiary database
• Major focus over next year
  – data propagation and synchronization
  – impact on MIT KDC

More ADS
• Latest MS Logo requirements still skirt the issues
• Large number of default attributes and classes
  – What do we need to use?
  – Will we need to add attributes?
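
The identifier problems listed on the "MIT ID comments" slide, worked through as an added example that is not part of the original slides: it audits a combined identity feed and sorts each MIT ID by why it can or cannot serve as a unique person key. The row layout, the is_person flag and every sample value are constructed for illustration and are not MIT's schema or data.

```python
from collections import defaultdict

# The one placeholder value the slide names: an ID of nine 9s.
PLACEHOLDER_IDS = {"9" * 9}

# Constructed sample rows, not MIT data: (mit_id, kerberos_principal, is_person).
SAMPLE_ROWS = [
    ("912345678", "alice", True),
    ("912345678", "alice/root", True),  # same user, second principal
    ("923456789", "bob", True),
    ("999999999", "carol", True),       # two different people sharing
    ("999999999", "dave", True),        # the nine-9s placeholder
    (None, "printsrv/host1", False),    # principal that is not a user
]


def audit_join_keys(rows):
    """Classify each identifier by why it can or cannot serve as a person key."""
    principals_by_id = defaultdict(set)
    report = {
        "placeholder_or_missing_ids": {},
        "multi_principal_ids": {},
        "non_person_principals": [],
        "usable_ids": [],
    }
    for mit_id, principal, is_person in rows:
        if not is_person:
            # Keying on principal would count this service as a person.
            report["non_person_principals"].append(principal)
            continue
        principals_by_id[mit_id].add(principal)
    for mit_id, principals in principals_by_id.items():
        if not mit_id or mit_id in PLACEHOLDER_IDS:
            # Keying on MIT ID would merge unrelated people into one record.
            report["placeholder_or_missing_ids"][mit_id] = sorted(principals)
        elif len(principals) > 1:
            # Keying on principal would split this one person into several.
            report["multi_principal_ids"][mit_id] = sorted(principals)
        else:
            report["usable_ids"].append(mit_id)
    report["usable_ids"].sort()
    return report


if __name__ == "__main__":
    for finding, value in audit_join_keys(SAMPLE_ROWS).items():
        print(finding, value)
```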