Archive for the ‘arch’ Category.
October 28, 2002, 10:53 am
File Serving:
It is convenient for students and faculty to have access to their files
no matter what computer they’re using, so many universities provide
some sort of network storage. Requirements for a network storage
system include:
- Scalability. It must be able to handle use by all members
of the university. (e.g. at MIT, it must be able to handle 15000 users.)
- Reliability and security
(it has to withstand use by a large number of highly intelligent,
curious computer science students with lots of time on their hands!)
- Compatibility with Windows, Linux, and Macintosh
- Low Cost. It is likely that only a free software solution will
be inexpensive enough to be used on every computer on campus.
- Support. It must already be deployed at many universities,
and books and other training materials must be readily available.
The building block services for a network storage system include:
- File Serving
- Authentication
- Time Synchronization
- User Directory
- Domain Name Service
Oddly enough, it seems there is currently only one choice for the File
Serving service that meets all the above requirements: AFS (in the form
of OpenAFS).
That dictates several other choices:
AFS requires Kerberos as its user authentication service,
and Kerberos requires NTP as its time synchronization service.
Both probably require DNS as their hostname lookup service.
Lots of useful links re AFS, Kerberos, integration with clients, help desk pages at various universities, Active Directory, evaluations/critiques of alternatives, and other related topics.
September 11, 2002, 3:48 pm
Active Directory: prepare to pay more for Windows 2000 management
…
Tony Lock, senior analyst at Bloor Research, said the problems faced by users were no surprise as Microsoft still had not addressed the management problems of Active Directory. He said many users were unaware of the tools bundled with the operating system or the third-party software they could buy to simplify management.
Lock said: “The costs associated with the management of an IT infrastructure form the bulk of expenditure and users do need to realise what they’re getting themselves into.”
Lock has a number of recommendations for any company considering adopting Active Directory. First, decide who will manage what aspects of the installation; then decide how to delegate responsibility. Finally, Lock suggested, users should work out a change management policy. All these steps, he noted, should be completed “before taking the [Windows 2000] CD out of the box”.
In a paper on managing the Active Directory analyst firm Giga Information Group recommends businesses use third-party management tools for large installations. “It is absolutely essential that enterprises of 1,000 users or more bolster the capabilities of the embedded Windows 2000 Server Active Directory Management Toolkit (ADMT) with the appropriate management and monitoring tools.”
Giga has identified a number of suppliers specialising in such management tools. These include NetIQ, FastLane Technology, Bind View, Aelita Software, BMC and Full Armor.
In June, Microsoft admitted that Active Directory was hard to manage. It said the next version of its server operating system, Windows .net, would tackle this issue. Stuart Kwan, group programme manager at Microsoft responsible for the Active Directory, said the new release focuses on making the server easier to administer.
May 31, 2002, 8:01 am
Anatomy of a Technology Selection
”
Subsequently, after several months of detail work and considerable expense, Dell Computer abandoned this Enterprise Resource Planning program when they realized that it was inappropriate in their environment. The issues were not directly related to the application architecture, but rather to the implications of running a dynamic company with a distributed management philosophy.
“
May 24, 2002, 12:46 pm
Network World, Daniel Blum:
Is Your Forest Burning?
Over time, Microsoft has backed away from the single-forest concept, finally publishing this past winter a white paper disclosing that service administrators in one domain can’t be isolated from other domains in the forest. Since then, Microsoft has done a security-threat analysis. It determined that a serious hacker’s goal is to gain physical access to a domain controller, or network access to a service administrator account.
Microsoft also has been doing disaster planning. Recently, it wiped out the domain controllers on its entire development group forest, which serves thousands of users, and tested the procedures necessary to bring it back online. And at Microsoft’s recent TechEd conference, a speaker went so far as to advise large companies that “if you don’t have a single CIO, you shouldn’t have a single forest.”
