The NMI Integration Testbed

• Developed and managed by SURA
NMI Participation
(diagram) Users, contributors, implementers, target communities, developers and supporters, arranged around the NMI Integration Testbed.
• Evaluate NMI components upon release
• Real-life contexts: research projects, enterprise applications and infrastructure
NMI Integration Testbed Sites
• UAB
• UAH
• UFL
• FSU
• GSU
• UMich
• TACC
• UVA
• (USC)
• future expansion?
http://www.nsf-middleware.org/testbed
NMI Components Take on New Meaning
Mike Conlon, Ph.D.
Director of Data Infrastructure
mconlon@ufl.edu
NMI Components
• Globus
• Condor-G
• NWS
• KX.509
• GSI OpenSSH
• MyProxy
• MPICH-G2
• Grid Packaging
• Grid Config
• CPM
• Look
• OpenSAML
• PERMIS
• PubCookie
• Shibboleth
• LDAP Analyzer
• Cert Profile Registry
• eduPerson
• eduOrg
• commObject
• Practices in Groups
• LDAP Recipe
• Metadirectory Best Practices
• Enterprise Impl Roadmap
• HEPKI
• PKI-Lite
NMI Components At UF
(The slide repeats the component list above; the components in use at UF are listed under Using the Components below.)
One Slide About UF
• 49,000 students in Gainesville, FL
• Freshman class: 3.92 GPA, 1300 SAT
• $1.8 billion annual budget, $450 million in research, growing at 12% per year. Health Sciences: 52% of research.
• 140 academic departments in 23 colleges
• Land grant; extension in all 67 counties.
• The Gators, Lady Gators, Gatorade
One Slide About UF Technology
• 500 IT professionals across campus
• Very decentralized
• Over 300 email servers
• 30,000 devices on the open network
• AD, NDS, iPlanet, OpenLDAP, Kerberos
• Recent Directory Project
• Current PeopleSoft implementation
Using the Components
• Conventions and Best Practices
  • Metadirectory Practices
  • Enterprise Directory Roadmap
  • Practices in Groups
• Schema
  • eduPerson
  • eduOrg
  • commObject
MetaDirectory Practices
• Concepts of identity management
  • Single Sign-On
  • Security
  • Provisioning
  • Deactivate
  • Attribute Use
  • Identity resolution
  • Identifiers
UF Directory Project
• Start planning August 2000
• Finish report September 2001
• Begin implementation October 2001
• Deploy new directory January 23, 2003
• http://www.it.ufl.edu/projects/directory
Directory Project Deliverables
• New Registry
• New LDAP schema (eduPerson, eduOrg)
• New IDs: UFID and UUID tied to GatorLink
• 50,000 new Gator One cards
• 1,500 applications modified
• New self-service apps: http://phonebook.ufl.edu
• New directory coordinator apps
• New APIs for directory-enabling business processes
UF Directory – Architecture
Identifiers
• GatorLink: public username, email address (mconlon@ufl.edu), single sign-on. Revocable. Lucent.
• UFID: eight-digit random number assigned by UF, nnnn-nnnn. Used where the SSN was used previously. Protected. Revocable, opaque.
• UUID (GUID) “NDC”: opaque, non-revocable. Not used outside central systems.
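The three-identifier scheme above, worked through as an added example (not UF's registry code): a public, revocable username; an opaque, revocable eight-digit UFID drawn from a CSPRNG so it carries nothing of the SSN it replaces; and an internal UUID that is never revoked and never exported. The Registry class, its method names and the rule that a retired UFID is never reissued are assumptions made for the example.

```python
"""Identifier strategy of the kind the slide describes: a public, revocable
username (GatorLink), an opaque, revocable 8-digit UFID (nnnn-nnnn) that
takes the place of the SSN, and an internal UUID that is never revoked and
never leaves the central systems.

Added example, not UF's code. The Registry class, its method names and the
rule that a retired UFID is never reissued are assumptions."""
import re
import secrets
import uuid
from dataclasses import dataclass
from typing import Callable, Dict, Optional

UFID_RE = re.compile(r"^\d{4}-\d{4}$")


@dataclass
class Person:
    uuid: str                      # internal key; never revoked, never exported
    ufid: str                      # opaque public-facing id, nnnn-nnnn
    gatorlink: Optional[str]       # public username; None once revoked
    ssn: Optional[str] = None      # protected attribute, never used as a key


class Registry:
    def __init__(self, rng: Callable[[int], int] = secrets.randbelow):
        self._rng = rng                             # CSPRNG by default
        self.by_uuid: Dict[str, Person] = {}
        self._by_ufid: Dict[str, str] = {}          # current UFID -> uuid
        self._by_gatorlink: Dict[str, str] = {}     # username -> uuid
        self._retired_ufids: set = set()            # never reissued

    def _new_ufid(self) -> str:
        """Draw a random 8-digit number, so a UFID reveals nothing about the
        person or the order of assignment, and retry on collision."""
        while True:
            n = self._rng(100_000_000)              # 0 .. 99,999,999
            candidate = f"{n // 10_000:04d}-{n % 10_000:04d}"
            if candidate not in self._by_ufid and candidate not in self._retired_ufids:
                return candidate

    def register(self, gatorlink: str, ssn: Optional[str] = None) -> Person:
        if gatorlink in self._by_gatorlink:
            raise ValueError(f"username {gatorlink!r} already assigned")
        person = Person(uuid=str(uuid.uuid4()), ufid=self._new_ufid(),
                        gatorlink=gatorlink, ssn=ssn)
        self.by_uuid[person.uuid] = person
        self._by_ufid[person.ufid] = person.uuid
        self._by_gatorlink[gatorlink] = person.uuid
        return person

    def revoke_ufid(self, person_uuid: str) -> str:
        """Replace a compromised or mis-issued UFID. The old value is retired,
        not reassigned, so stale references cannot point at someone else."""
        person = self.by_uuid[person_uuid]
        self._retired_ufids.add(person.ufid)
        del self._by_ufid[person.ufid]
        person.ufid = self._new_ufid()
        self._by_ufid[person.ufid] = person_uuid
        return person.ufid

    def revoke_gatorlink(self, person_uuid: str) -> None:
        """Drop the public username; the UUID and the record itself stay."""
        person = self.by_uuid[person_uuid]
        if person.gatorlink is not None:
            del self._by_gatorlink[person.gatorlink]
            person.gatorlink = None

    def lookup_by_ufid(self, ufid: str) -> Optional[Person]:
        if not UFID_RE.match(ufid):
            return None
        key = self._by_ufid.get(ufid)
        return self.by_uuid.get(key) if key else None

    def lookup_by_gatorlink(self, username: str) -> Optional[Person]:
        key = self._by_gatorlink.get(username)
        return self.by_uuid.get(key) if key else None

    @staticmethod
    def public_view(person: Person) -> Dict[str, Optional[str]]:
        """What a downstream system (phonebook, departmental app) receives:
        the two revocable identifiers only. UUID and SSN stay inside."""
        return {"ufid": person.ufid, "gatorlink": person.gatorlink}
```

Because every external reference goes through the UFID or the username, either can be rotated without touching the UUID that ties the record together, which is what makes the two public identifiers revocable and the internal one not.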
Enterprise Directory Implementation Road Map
• Parallel tracks for technical work and functional work
• Value proposition: why do this? (UF spent $4.7 million.) Selling "position" or future capability is tough. What can we actually do? Why is it better than what we have?
• Use vignettes
• Under promise, over deliver
A Vignette
Bill is a physician faculty member in the College of Medicine. He and/or his department administrator can update his contact information using a web page. This information automatically populates/updates the personnel system, the Shands Communications system (CHRIS), the Shands HealthCare on-line directory of physicians, Bill’s entry in Netware Directory Services, Active Directory, the on-line phone book, the UF enterprise directory database, and the UF LDAP directory. People using email programs and their address books always automatically access Bill’s current email address. UF business processes have access to Bill’s current information. Bill’s information is updated once and is used and accessed consistently across the enterprise.
Functional Issues
• Who can update data?
• Who can replicate data?
• Who resolves conflicting values?
• Who owns data?
• Who can access data?
• What business processes are supported? What processes are not supported?
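The vignette and the functional questions above amount to a per-attribute policy: which source may supply which attribute, what happens when two of them disagree, what each downstream system is allowed to see, and what a deactivation does everywhere at once. The following is an added example of such a policy in code, not UF's metadirectory; the source names (hr, self, gatorlink), the authority table, the consumer list and the sample person are all assumptions constructed for the example.

```python
"""Attribute-level metadirectory reconciliation for the questions above:
who may update which attribute, who resolves conflicts, what each consumer
receives, and how deactivation propagates.

Added example, not UF's code. The source names (hr, self, gatorlink), the
attribute authority table and the consumer list are assumptions."""
from typing import Dict, List, Tuple

# Ordered list of sources allowed to supply each attribute; the first source
# that has a value wins, later ones are fallbacks. Anything else is rejected.
AUTHORITY: Dict[str, List[str]] = {
    "sn": ["hr"],
    "givenName": ["hr"],
    "title": ["hr"],
    "status": ["hr"],                      # active / terminated
    "mail": ["gatorlink"],
    "telephoneNumber": ["self", "hr"],     # person may override HR's value
    "roomNumber": ["self"],
}

# What each downstream consumer may see. Narrower than "everything" because
# the phonebook is public and AD only needs what drives the account.
CONSUMERS: Dict[str, List[str]] = {
    "ldap": ["sn", "givenName", "title", "mail", "telephoneNumber", "roomNumber"],
    "ad": ["sn", "givenName", "mail"],
    "phonebook": ["sn", "givenName", "title", "mail", "telephoneNumber"],
}


def reconcile(records: Dict[str, Dict[str, str]]) -> Tuple[Dict[str, str], List[str]]:
    """Merge per-source records into one authoritative view.

    Returns (merged, audit). audit lists rejected writes (source not
    authorized for that attribute) and overridden values (two authorized
    sources disagree), so a directory coordinator can review them."""
    merged: Dict[str, str] = {}
    audit: List[str] = []
    for attr, sources in AUTHORITY.items():
        offered = [(s, records[s][attr]) for s in sources
                   if s in records and attr in records[s]]
        if offered:
            winner, value = offered[0]
            merged[attr] = value
            for src, other in offered[1:]:
                if other != value:
                    audit.append(f"override {attr}: {winner}={value!r} beats {src}={other!r}")
    for src, rec in records.items():
        for attr in rec:
            if src not in AUTHORITY.get(attr, []):
                audit.append(f"reject {attr} from {src}")
    return merged, audit


def provision(merged: Dict[str, str]) -> Dict[str, Dict[str, object]]:
    """Build the update each consumer receives. A terminated person is
    disabled everywhere and removed from the public phonebook rather than
    silently left in place with stale data."""
    active = merged.get("status", "active") == "active"
    out: Dict[str, Dict[str, object]] = {}
    for consumer, allowed in CONSUMERS.items():
        if consumer == "phonebook" and not active:
            out[consumer] = {"action": "delete"}
            continue
        out[consumer] = {
            "action": "update",
            "enabled": active,
            "attributes": {a: merged[a] for a in allowed if a in merged},
        }
    return out


# Constructed sample input: the same person as seen by three sources.
SAMPLE = {
    "hr": {"sn": "Example", "givenName": "Bill", "title": "Professor",
           "status": "active", "telephoneNumber": "352-555-0100"},
    "gatorlink": {"mail": "bill@example.edu"},
    # the person corrected his phone number and also tried to promote himself
    "self": {"telephoneNumber": "352-555-0199", "title": "Dean",
             "roomNumber": "H-200"},
}

if __name__ == "__main__":
    merged, audit = reconcile(SAMPLE)
    print(merged)
    print("\n".join(audit))
    print(provision(merged))
```

The audit list is the answer to "who resolves conflicting values": the table resolves them automatically, and the coordinator sees every case where a source was overridden or refused, instead of the last writer quietly winning.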
Recent Projects
• LDAP infrastructure improvements
• Library authorization via directory
• VPN access via directory
• UF Web Portal uses LDAP and LDAP groups
• UF Housing Icarus system
• Active Directory Provisioning
LDAP Groups
• Practices in Groups
• Currently using groups for Portal
• Considering groups for email
• Considering groups for role information
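Every directory-backed authorization decision listed above (portal groups, library, VPN) starts with a search keyed on a username the user typed. The added example below, which is not UF's code, shows the two checks a practitioner wants in front of that search: an allow-list on the username and RFC 4515 escaping of the value placed in the filter, with the unescaped version kept alongside to show what a wildcard username does to it. The base DN, group DN and username pattern are assumptions.

```python
"""Username-keyed directory lookups behind the authorization uses listed
above (portal groups, library, VPN). Two checks before the value reaches
the directory: an allow-list on the username, and RFC 4515 escaping of
whatever goes into the search filter.

Added example, not UF's code. The base DN, the group DN and the username
pattern are assumptions."""
import re

BASE_DN = "ou=People,dc=example,dc=edu"                        # assumption
PORTAL_GROUP = "cn=portal-users,ou=Groups,dc=example,dc=edu"   # assumption
USERNAME_RE = re.compile(r"^[a-z][a-z0-9]{0,15}$")            # assumed policy


def valid_username(username: str) -> bool:
    """First gate: refuse anything outside the username policy outright,
    before it is used in a filter or logged anywhere."""
    return bool(USERNAME_RE.match(username))


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for an assertion value: ( ) * \\ and NUL become a
    backslash plus two hex digits and are then matched literally."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch
                   for ch in value)


def member_filter(username: str, group_dn: str = PORTAL_GROUP) -> str:
    """Search filter for 'this user is in this group'. The entry is returned
    only when the escaped uid matches exactly and the entry carries the
    group in memberOf (an operational attribute on many servers; searching
    the group's member attribute instead is the usual alternative)."""
    return ("(&(uid=%s)(memberOf=%s))"
            % (escape_filter_value(username), escape_filter_value(group_dn)))


def unsafe_member_filter(username: str, group_dn: str = PORTAL_GROUP) -> str:
    """The same filter built by plain concatenation, kept only to show what
    escaping prevents: a username of '*' matches every uid in the base."""
    return "(&(uid=%s)(memberOf=%s))" % (username, group_dn)


if __name__ == "__main__":
    for name in ("mconlon", "*"):
        print(valid_username(name), member_filter(name), unsafe_member_filter(name))
```

The escaping is the layer that holds even when the allow-list is loosened later (for instance to admit usernames with dots or mixed case); the allow-list is there so that a malformed value is refused with a clear error rather than searched for.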
Current Projects
• LDAP infrastructure improvements v2
• Help Desk integration
• Authorization management
• Active Directory Provisioning
• commObject for video, VOIP
• PubCookie
• Location management
• Password management
Rethinking Directory Services
• Metadirectory Practices
  • Identity management, identifier strategy
• Enterprise Directory Road Map
  • Functional issues dominate
• Practices in Groups
  • Second phase issues for improving services