Documentation for admins

From Syscore

Contents 1 Critical items 1.1 Monitoring 1.2 Miscellanea 2 Account management 2.1 New accounts 2.2 Account lifecycle 2.3 Tasks 3 Identity management system (IDMS) 3.1 Directory services and LDAP 3.2 NIS 4 Infrastructure and environment 4.1 Logical 4.2 Physical 5 Monitoring and statistics 5.1 Cacti 5.2 Nagios 6 Policies and procedures 7 Services: applications 7.1 Blackboard 7.2 Calendar 7.3 Databases 7.3.1 MySQL 7.3.2 Oracle 7.4 FTP mirroring 8 Services: system 8.1 AFS 8.2 Email services 8.3 Kerberos 8.4 Logging 8.5 Non-AFS Backup and Restoration 8.6 Printing 9 Services: web-based / web-enhanced 9.1 Webadmin 9.2 WebAuth 9.3 WebMail 9.4 Web portal 9.5 Misc OIT-supported web applications 10 Software in Syscore 10.1 Building and managing software 10.2 Locally Developed Code 11 System management 11.1 Building new servers 11.2 Managing existing servers

Critical items

Monitoring

• Cacti monitoring view
• Nagios login portal

→ Monitoring and statistics section

Miscellanea

• Current Syscore projects list
• UMBC Local SSL CA Certificate

Account management

New accounts

New students, faculty, and staff need to create and activate a primary account in the UMBC computing environment before they can make full use of our various resources, including logins, [myUMBC], and so on. Assuming that directory information already exists about the new person, he or she can begin by authenticating via the [UMBC Account Creation webpage].

Account lifecycle

1. Active
   • An account is considered active so long as the owner (or a sponsor) maintains a current affiliation with UMBC
2. Deactivated
   • After a user is no longer actively affiliated with UMBC, there is a grace period - the length of which is determined by the user's prior affilition type - during which the user's accounts still function normally
   • After the grace period expires, all the user's accounts are marked as deactivated
   • What changes
     • Interactive logins no longer work
     • Incoming email delivery fails with an error message
   • What stays the same
     • Web portal functions such as requesting transcripts and configuring [email forwarding] still work
     • Email forwarding still works
3. Deleted
   • After a pre-defined time in the deactivated state, the account is deleted in a batch job
   • What changes
     • All files remaining in the account are deleted
     • The AFS volume associated with the account is removed
     • The Unix UID associated with the account put back in the pool for general use
   • Note: There are currently no plans to recycle usernames (Kerberos principals)

Tasks

• Renaming accounts
• Deleting accounts
• Managing AOK Library guest accounts

Identity management system (IDMS)

IDMS is the logical construct that encompasses all information, services, and management processes related to entities, authentication, and authorization. It is generally considered middleware and tends to go hand-in-hand with directory services.

• IDMS at UMBC
• Account management

Directory services and LDAP

Directory services are part of the middleware that exists between users and the underlying computing infrastructure. The directory contains information associated with users and network computing resources and serves out the relevant bits during user authentication, access authorization, and other informational queries.

• The central directory at UMBC is based on the Lightweight Directory Access Protocol (LDAP)
  • University affiliation definitions used in the directory
  • Campus Identifiers
  • Annoyingly Difficult Process to Add Affiliations

NIS

• The subset of information necessary for logging into Unix-based systems is propagated using Network Information Services NIS/yp maps

Infrastructure and environment

Logical

• AFS servers and filespace structure
• Core Web Environment
• Core Storage Fabric

Physical

• Computer Room
  • PUP
  • ECS012C
  • Console Server
  • Belkin KVM switch
  • View Contents of All Racks
  • View Contents of One Rack
• Core Storage Fabric

Monitoring and statistics

Statistics generated by Cacti and Sawmill can be found off of [stats.umbc.edu], the UMBC statistics server.

Cacti

Cacti is a PHP-driven graphing front-end to RRDTool (Round-Robin Database Tool). We use Cacti to monitor system status and key system metrics (such as load, memory usage, and network traffic) for Syscore servers.

• HOW TO
  • [Cacti - Monitoring view]
  • [Cacti - Admin login]

• REFERENCE
  • Cacti is currently running on stats.umbc.edu
  • Offsite: [Cacti Group homepage]
  • Offsite: [RRDTool homepage]

Nagios

Nagios was designed to monitor hosts, services, and network connectivity. It can run as an external, network-based observer or can poll data from [client plugins]. As a note of historical continuity, Nagios is the next generation of NetSaint - which we also used to monitor our demesne.

• HOW TO
  • [Nagios login portal]

• REFERENCE
  • Nagios is currently running on aegis.umbc.edu
  • Our Nagios portal uses Kerberos authentication
  • Offsite: [Nagios homepage]

Policies and procedures

• Policies
  • AFS volume restore policy
  • Deleting a user account
  • Renaming a user account (user account also referred to as login ID, username, user ID, etc.)

• Procedures
  • Backup and Recovery
    • AFS volume backup and restore
    • Legato backup and recovery

Services: applications

Blackboard

• Blackboard is UMBC's online course content application

Calendar

• Oracle® Collaboration Suite Calendar server
• Running on calendar.umbc.edu, a Sun T1000
• Oracle Collaboration Suite Administration
• Oracle Calendar Server Administration

Databases

MySQL

• Running on grimm.umbc.edu, with production address being mysql.gl or mysql1.umbc.edu
• MySQL 4.1.x
• MySQL user documentation

Oracle

• Syscore operates the GL Oracle instance
• Runs on threepio.umbc.edu, with production address being oracle.gl
• Oracle user documentation

FTP mirroring

• Access
  • ftp://mirrors.umbc.edu/
  • AFS: /afs/umbc.edu/public/ftp/pub/
• We mirror various open-source software repositories locally for speedier onsite access

Services: system

AFS

AFS is a distributed network filesystem that has been used at UMBC since 1999.

• HOW TO
  • Fixing AFS volumes that fail to backup
  • Re-balancing AFS home volumes
  • Configuring AFS clients
  • AFS Volume Backup and Restore
  • Configure An AFS Fileserver

• REFERENCE
  • AFS servers and filespace structure
  • AFS home directory server history
  • Offsite: [OpenAFS documentation]

Email services

Email was once thought of as an ancillary service, an extra provided as a benefit to the site, but not a real necessity. What was once a neat trick has now become a mission-critical function, however; users are demanding reliability, performance, and transparency as they send innumerable messages to one another.

• The Email page is divided into two sections:
  • One with practical instructions on performing email-related administration tasks
  • Another with background information on the infrastructure engineered to support campus email services
  • New Mail Stuff
• Listproc mailing list management
• WebMail web-based access to email

Kerberos

• Kerberos background information
• Kerberos Password Policies

Logging

• Core Logging

Non-AFS Backup and Restoration

• Core Infrastructure Legato Networker

Printing

• Printing
• Xerox Docucenter LPRNG Options

Services: web-based / web-enhanced

Webadmin

• Webadmin Beta login page (Try it!)
• Webadmin login page
• REFERENCE
  • Webadmin is the OIT web-based portal for:
    • Account management
    • Identity Management
    • Inventory management
    • Other administrative functionality
  • Backend is based on mod_perl

WebAuth

• WebAuth login page
• REFERENCE
  • WebAuth is the Single-Sign-On component to MyUMBC
  • Background on WebAuth
  • Using WebAuth in Core web environment

WebMail

• WebMail login page
• REFERENCE
  • Backend is based on [SquirrelMail]
  • Running on webmail1.umbc.edu

Web portal

• myUMBC login page
• REFERENCE
  • Backend is based on uPortal
  • myUMBC background information
  • Easipipe
  • myUMBC CVS Repository
  • myUMBC SIS Functionality
  • myUMBC Legacy Authentication
  • myUMBC Web Server Config
  • "Olde" myUMBC

Misc OIT-supported web applications

• Alumni support apps (deprecated)
• E-Billing signup
• Faculty Annual Report
• Miscellaneous CGI Scripts (mostly deprecated)
• Office of Student Life Apps
• Online Schedule of Classes
• Online Student Job Application Form
• Regalia order form for Commencement and Convocation
• Slides Library (deprecated)
• Student Parking Appeals

Software in Syscore

Building and managing software

Syscore uses EMT and depot to build, propagate, and manage software packages.

• Building software packages with EMT
• Distributing software with depot
• Removing software packages with EMT

Locally Developed Code

• libafsutil.so - A locally developed library for easily accessing and manipulating AFS file information
• Maildir mailbox format - An enhanced maildir driver for imap-uw.

System management

Building new servers

• How to build new Sun Solaris servers using Jumpstart
• How to build new RedHat RHEL3 servers
• X4100 Setup

Managing existing servers

• Cfengine